Fixed WPA/RSN IE validation to verify the proto (WPA vs. WPA2) is enabled

Previous version could have allowed a broken client to complete WPA (or
WPA2) authentication even if the selected proto was not enabled in hostapd
configuration.

diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 742464a..613f3e3 100644 (file)
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -17,6 +17,8 @@ ChangeLog for hostapd
          (IEEE 802.11w)
        * added new "driver wrapper" for RADIUS-only configuration
          (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
+       * fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
+         is enabled in configuration
 
 2008-08-10 - v0.6.4
        * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2

diff --git a/hostapd/wpa.h b/hostapd/wpa.h
index 74bea27..567a8bf 100644 (file)
--- a/hostapd/wpa.h
+++ b/hostapd/wpa.h
@@ -216,7 +216,7 @@ enum {
        WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE,
        WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL,
        WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER,
-       WPA_INVALID_MDIE
+       WPA_INVALID_MDIE, WPA_INVALID_PROTO
 };
        
 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,

diff --git a/hostapd/wpa_auth_ie.c b/hostapd/wpa_auth_ie.c
index 3f6551f..3ac9d67 100644 (file)
--- a/hostapd/wpa_auth_ie.c
+++ b/hostapd/wpa_auth_ie.c
@@ -470,6 +470,12 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
        else
                version = WPA_PROTO_WPA;
 
+       if (!(wpa_auth->conf.wpa & version)) {
+               wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
+                          version, MAC2STR(sm->addr));
+               return WPA_INVALID_PROTO;
+       }
+
        if (version == WPA_PROTO_RSN) {
                res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);