wpa_supplicant: Do not select a rejected SAE group

Make sure that sme_set_sae_group() doesn't select a group that was
previously rejected during this instance of SAE authentication.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This commit is contained in:
Andrei Otcheretianski 2024-05-08 16:42:12 +03:00 committed by Jouni Malinen
parent 5f83f4db0b
commit fcf799c0dd

View file

@ -71,7 +71,9 @@ static int sme_set_sae_group(struct wpa_supplicant *wpa_s, bool external)
int group = groups[wpa_s->sme.sae_group_index]; int group = groups[wpa_s->sme.sae_group_index];
if (group <= 0) if (group <= 0)
break; break;
if (sae_set_group(&wpa_s->sme.sae, group) == 0) { if (!int_array_includes(wpa_s->sme.sae_rejected_groups,
group) &&
sae_set_group(&wpa_s->sme.sae, group) == 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d", wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
wpa_s->sme.sae.group); wpa_s->sme.sae.group);
wpa_s->sme.sae.akmp = external ? wpa_s->sme.sae.akmp = external ?