aboutsummaryrefslogtreecommitdiffstats
path: root/package
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2018-10-10 23:36:15 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2018-10-14 13:57:14 +0200
commita1ad1144b61680cfa0803b681a3b55ff8c557022 (patch)
tree9e6d0edbf127be3b93df3d8dee9a1bbe5d7048c3 /package
parent779773a0dee759d87c483de266e41164cd851af0 (diff)
downloadupstream-a1ad1144b61680cfa0803b681a3b55ff8c557022.tar.gz
upstream-a1ad1144b61680cfa0803b681a3b55ff8c557022.tar.bz2
upstream-a1ad1144b61680cfa0803b681a3b55ff8c557022.zip
hostapd: SAE: Do not ignore option sae_require_mfp
This patch was send for integration into the hostapd project. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package')
-rw-r--r--package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch
new file mode 100644
index 0000000000..8810774665
--- /dev/null
+++ b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch
@@ -0,0 +1,26 @@
+From 54e0de1a9ee81477e9dfb93985c1fbf105b3d1d4 Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke@hauke-m.de>
+Date: Wed, 10 Oct 2018 23:22:23 +0200
+Subject: SAE: Do not ignore option sae_require_mfp
+
+Without this patch sae_require_mfp is always activate, when ieee80211w
+is set to optional all stations negotiating SAEs are being rejected when
+they do not support PMF. With this patch hostapd only rejects these
+stations in case sae_require_mfp is set to some value and not null.
+
+Fixes ba3d435fe43 ("SAE: Add option to require MFP for SAE associations")
+Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
+---
+ src/ap/wpa_auth_ie.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/ap/wpa_auth_ie.c
++++ b/src/ap/wpa_auth_ie.c
+@@ -721,6 +721,7 @@ int wpa_validate_wpa_ie(struct wpa_authe
+
+ #ifdef CONFIG_SAE
+ if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
++ wpa_auth->conf.sae_require_mfp &&
+ wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
+ !(data.capabilities & WPA_CAPABILITY_MFPC)) {
+ wpa_printf(MSG_DEBUG,