[PATCH v2 3/4] mesh: Fix reception of confirm frame with error status code

Masashi Honma masashi.honma at gmail.com
Wed Nov 26 20:28:14 EST 2014


When sae_check_confirm() failed, confirm frame would be sent without data.
This causes "SAE: Too short confirm message" to opposite STA and this result in
continuous frame exchange on mesh BSS.
---
 src/ap/ieee802_11.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 1dbd996..8e04dfa 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -716,6 +716,13 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 			       HOSTAPD_LEVEL_DEBUG,
 			       "SAE authentication (RX confirm)");
+		if (mgmt->u.auth.status_code != WLAN_STATUS_SUCCESS) {
+			wpa_printf(MSG_ERROR,
+				   "SAE: Drop Confirm Message with status code=%d",
+				   mgmt->u.auth.status_code);
+			return;
+		}
+
 		if (sta->sae->state >= SAE_CONFIRMED ||
 		    !(hapd->conf->mesh & MESH_ENABLED)) {
 			if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
-- 
1.9.1



More information about the HostAP mailing list