diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index a05dd26a2..2184ea093 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -622,8 +622,7 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, #ifdef CONFIG_WEP int wep_ok; #endif /* CONFIG_WEP */ - bool is_6ghz_bss_or_mld = is_6ghz_freq(bss->freq) || - !is_zero_ether_addr(bss->mld_addr); + bool is_6ghz_bss = is_6ghz_freq(bss->freq); ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); if (ret >= 0) @@ -638,10 +637,10 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, #endif /* CONFIG_WEP */ rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); - if (is_6ghz_bss_or_mld && !rsn_ie) { + if (is_6ghz_bss && !rsn_ie) { if (debug_print) wpa_dbg(wpa_s, MSG_DEBUG, - " skip - 6 GHz/MLD BSS without RSNE"); + " skip - 6 GHz BSS without RSNE"); return 0; } @@ -659,8 +658,8 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, if (!ie.has_group) ie.group_cipher = wpa_default_rsn_cipher(bss->freq); - if (is_6ghz_bss_or_mld) { - /* WEP and TKIP are not allowed on 6 GHz */ + if (is_6ghz_bss || !is_zero_ether_addr(bss->mld_addr)) { + /* WEP and TKIP are not allowed on 6 GHz/MLD */ ie.pairwise_cipher &= ~(WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104 | WPA_CIPHER_TKIP); @@ -710,12 +709,12 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, break; } - if (is_6ghz_bss_or_mld) { + if (is_6ghz_bss) { /* MFPC must be supported on 6 GHz */ if (!(ie.capabilities & WPA_CAPABILITY_MFPC)) { if (debug_print) wpa_dbg(wpa_s, MSG_DEBUG, - " skip RSNE - 6 GHz/MLD without MFPC"); + " skip RSNE - 6 GHz without MFPC"); break; } @@ -755,10 +754,10 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, return 1; } - if (is_6ghz_bss_or_mld) { + if (is_6ghz_bss) { if (debug_print) wpa_dbg(wpa_s, MSG_DEBUG, - " skip - 6 GHz/MLD BSS without matching RSNE"); + " skip - 6 GHz BSS without matching RSNE"); return 0; } diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 29e0b3b4d..51bc44246 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -378,10 +378,12 @@ static void sme_auth_handle_rrm(struct wpa_supplicant *wpa_s, } -static bool wpas_ml_element(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) +static bool wpas_ml_element(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, + struct wpa_ssid *ssid) { struct wpabuf *mlbuf; - const u8 *rnr_ie, *pos; + const u8 *rnr_ie, *pos, *rsn_ie; + struct wpa_ie_data ie; u8 ml_ie_len, rnr_ie_len; const struct ieee80211_eht_ml *eht_ml; const struct eht_ml_basic_common_info *ml_basic_common_info; @@ -402,6 +404,26 @@ static bool wpas_ml_element(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) return false; } + rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); + if (!rsn_ie || wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) { + wpa_dbg(wpa_s, MSG_DEBUG, "MLD: No RSN element"); + goto out; + } + + if (!(ie.capabilities & WPA_CAPABILITY_MFPC) || + wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION) { + wpa_dbg(wpa_s, MSG_DEBUG, + "MLD: No management frame protection"); + goto out; + } + + ie.key_mgmt &= ~(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | + WPA_KEY_MGMT_PSK_SHA256); + if (!(ie.key_mgmt & ssid->key_mgmt)) { + wpa_dbg(wpa_s, MSG_DEBUG, "MLD: No valid key management"); + goto out; + } + ml_ie_len = wpabuf_len(mlbuf); /* control + common info len + MLD address + MLD link information */ @@ -604,7 +626,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, params.ssid_len = bss->ssid_len; params.p2p = ssid->p2p_group; - if (wpas_ml_element(wpa_s, bss)) { + if (wpas_ml_element(wpa_s, bss, ssid)) { wpa_printf(MSG_DEBUG, "MLD: In authentication"); params.mld = true; params.mld_link_id = wpa_s->mlo_assoc_link_id;