DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Discard EAPOL-Key request without Secure=1

Browse source 
EAPOL-Key request is accepted only if the MIC has been verified, so PTK
must have already been derived and Secure=1 needs to be used. Check the
Secure bit explicitly for completeness even though the MIC verification
is already taking care of validating that the sender is in the
possession of valid keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2024-01-28 18:41:06 +02:00
parent 0967940885
commit b27086e6eb
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/ap/wpa_auth.c
View file

@ -1516,6 +1516,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
}
if (key_info & WPA_KEY_INFO_REQUEST) {
if (!(key_info & WPA_KEY_INFO_SECURE)) {
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
LOGGER_INFO,
"received EAPOL-Key request without Secure=1");
goto out;
}
if (sm->MICVerified) {
sm->req_replay_counter_used = 1;
os_memcpy(sm->req_replay_counter, key->replay_counter,