From 1940559ea48174310ea1d4f9ca41b319cda701ab Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 29 Dec 2016 01:13:59 +0200 Subject: [PATCH] FT: Drop FT Action frames if ft_over_ds=0 Previously, the hostapd ft_over_ds parameter was used to only advertise whether FT-over-DS is enabled in MDE and leave it to the stations to follow that advertisement. This commit extends this to explicitly reject (silently drop) FT Action frames if a station does not follow the advertised capabilities. Signed-off-by: Jouni Malinen --- src/ap/wpa_auth_ft.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 637d6d64e..7ab371f90 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -1293,6 +1293,11 @@ int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len) wpa_hexdump(MSG_MSGDUMP, "FT: Action frame body", ies, ies_len); + if (!sm->wpa_auth->conf.ft_over_ds) { + wpa_printf(MSG_DEBUG, "FT: Over-DS option disabled - reject"); + return -1; + } + /* RRB - Forward action frame to the target AP */ frame = os_malloc(sizeof(*frame) + len); if (frame == NULL)