[PATCH] Verify MFPC/MFPR capability setting of WPA SM

Ilan Peer ilan.peer at intel.com
Wed Nov 5 03:50:36 EST 2014


From: Max Stepanov <Max.Stepanov at intel.com>

Prevent setting of MFPC/MFPR capabilities of WPA SM in
wpa_supplicant_set_suites() function if MFPC is not set in RSN IE of
the selected BSS.

Signed-off-by: Max Stepanov <Max.Stepanov at intel.com>
---
 wpa_supplicant/wpa_supplicant.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 5a4d8dc..67aeaa4 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -984,6 +984,9 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 	struct wpa_ie_data ie;
 	int sel, proto;
 	const u8 *bss_wpa, *bss_rsn, *bss_osen;
+#ifdef CONFIG_IEEE80211W
+	int pmf;
+#endif
 
 	if (bss) {
 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
@@ -1170,9 +1173,14 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 	}
 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
 			 wpa_s->mgmt_group_cipher);
-	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
-			 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
-			  wpa_s->conf->pmf : ssid->ieee80211w));
+
+	if (ie.capabilities & WPA_CAPABILITY_MFPC)
+		pmf = ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
+				wpa_s->conf->pmf : ssid->ieee80211w;
+	else
+		pmf = 0;
+
+	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, pmf);
 #endif /* CONFIG_IEEE80211W */
 
 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
-- 
1.8.3.2



More information about the HostAP mailing list