diff options
| author | Jouni Malinen <jouni.malinen@atheros.com> | 2009-05-27 09:52:24 +0300 |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2009-05-27 09:52:24 +0300 |
| commit | f8e96eb6fd960a017793942cff0eb43b09f444c6 (patch) | |
| tree | 9e9ef27b8309e92a3103ce1d0eaf76e63b79f56a /hostapd/wpa.c | |
| parent | 077a781f7ab4e87955f1a97fcd0b939c74a57165 (diff) | |
| download | external_wpa_supplicant_8_ti-f8e96eb6fd960a017793942cff0eb43b09f444c6.zip external_wpa_supplicant_8_ti-f8e96eb6fd960a017793942cff0eb43b09f444c6.tar.gz external_wpa_supplicant_8_ti-f8e96eb6fd960a017793942cff0eb43b09f444c6.tar.bz2 | |
hostapd: Require EAPOL-Key type to match with selected protocol
Previously, we would have allowed both the WPA and RSN EAPOL-Key
types to be used regardless of whether the association is using
WPA or RSN/WPA2. This shouldn't result in any significant problems
on the Authenticator side, but anyway, we should check the type and
ignore the EAPOL-Key frames that used unexpected type.
Diffstat (limited to 'hostapd/wpa.c')
| -rw-r--r-- | hostapd/wpa.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/hostapd/wpa.c b/hostapd/wpa.c index 64bc6b3..5ec7211 100644 --- a/hostapd/wpa.c +++ b/hostapd/wpa.c @@ -620,6 +620,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, return; } + if (sm->wpa == WPA_VERSION_WPA2) { + if (key->type != EAPOL_KEY_TYPE_RSN) { + wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " + "unexpected type %d in RSN mode", + key->type); + return; + } + } else { + if (key->type != EAPOL_KEY_TYPE_WPA) { + wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " + "unexpected type %d in WPA mode", + key->type); + return; + } + } + /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys * are set */ |