From f8e96eb6fd960a017793942cff0eb43b09f444c6 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 27 May 2009 09:52:24 +0300
Subject: [PATCH] hostapd: Require EAPOL-Key type to match with selected protocol

Previously, we would have allowed both the WPA and RSN EAPOL-Key types to be used regardless of whether the association is using WPA or RSN/WPA2. This shouldn't result in any significant problems on the Authenticator side, but anyway, we should check the type and ignore the EAPOL-Key frames that used unexpected type.
---
 hostapd/wpa.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index 64bc6b39d..5ec7211fe 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -620,6 +620,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 return;
 }
+ if (sm->wpa == WPA_VERSION_WPA2) {
+ if (key->type != EAPOL_KEY_TYPE_RSN) {
+ wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+ "unexpected type %d in RSN mode",
+ key->type);
+ return;
+ }
+ } else {
+ if (key->type != EAPOL_KEY_TYPE_WPA) {
+ wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+ "unexpected type %d in WPA mode",
+ key->type);
+ return;
+ }
+ }
+
 /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
 * are set */
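Review bot: Both new drop paths log only at MSG_DEBUG and without the station address, so a peer that sends EAPOL-Key frames with the wrong descriptor type leaves nothing attributable in normal logs. Consider naming the peer in the message, e.g. `"unexpected type %d in RSN mode from " MACSTR, key->type, MAC2STR(sm->addr));` (assuming `sm->addr` holds the station address, which this hunk does not show), and likewise in the WPA branch. The `else` branch also treats every value of `sm->wpa` other than `WPA_VERSION_WPA2` as WPA; if any other value can reach this point, an explicit comparison would make the intent clear. The two branches differ only in the expected constant and the mode name, so computing the expected type once and checking it in a single `if` would remove the duplication. wpa_receive starts and ends outside the hunk.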