SAE: Reject request with mismatching PMKID (no PMKSA cache entry)
Reject SAE association request when PMKID is included in the RSNE, but the corresponding PMKSA is not available in the AP. Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
This commit is contained in:
Ashok Ponnaiah
Jouni Malinen
parent
5ac4346426
commit
458d8984de
1 changed files with 9 additions and 0 deletions
|
|
@ -827,6 +827,15 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||
os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SAE
|
||||
if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
|
||||
!sm->pmksa) {
|
||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
||||
"No PMKSA cache entry found for SAE");
|
||||
return WPA_INVALID_PMKID;
|
||||
}
|
||||
#endif /* CONFIG_SAE */
|
||||
|
||||
#ifdef CONFIG_DPP
|
||||
if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
|
||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
||||
|
|
|
|||
Loading…
Reference in a new issue