Apply the GAS specific rule of using Protected Dual of Public Action
frame only after having checked that the action code indicates this to
be a GAS response. Previously, non-GAS Public Action frames could have
been incorrectly dropped because of this check if received during an
association with PMF enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
if (gas == NULL || len < 4)
return -1;
if (gas == NULL || len < 4)
return -1;
+ pos = data;
+ action = *pos++;
+ dialog_token = *pos++;
+
+ if (action != WLAN_PA_GAS_INITIAL_RESP &&
+ action != WLAN_PA_GAS_COMEBACK_RESP)
+ return -1; /* Not a GAS response */
+
prot = categ == WLAN_ACTION_PROTECTED_DUAL;
pmf = pmf_in_use(gas->wpa_s, sa);
if (prot && !pmf) {
prot = categ == WLAN_ACTION_PROTECTED_DUAL;
pmf = pmf_in_use(gas->wpa_s, sa);
if (prot && !pmf) {
- pos = data;
- action = *pos++;
- dialog_token = *pos++;
-
- if (action != WLAN_PA_GAS_INITIAL_RESP &&
- action != WLAN_PA_GAS_COMEBACK_RESP)
- return -1; /* Not a GAS response */
-
query = gas_query_get_pending(gas, sa, dialog_token);
if (query == NULL) {
wpa_printf(MSG_DEBUG, "GAS: No pending query found for " MACSTR
query = gas_query_get_pending(gas, sa, dialog_token);
if (query == NULL) {
wpa_printf(MSG_DEBUG, "GAS: No pending query found for " MACSTR