The previous implementation did not check that we are associated with
the sender of the GAS response before checking for PMF status. This
could have accepted Venue URL when not in associated state. Fix this by
explicitly checking for association with the responder first.
This fixes an issue that was detected, e.g., with these hwsim test case
sequences:
gas_anqp_venue_url_pmf gas_anqp_venue_url
gas_prot_vs_not_prot gas_anqp_venue_url
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
}
-static int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
+int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
{
if (wpa_s->current_ssid == NULL ||
wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
int gas_query_rx(struct gas_query *gas, const u8 *da, const u8 *sa,
const u8 *bssid, u8 categ, const u8 *data, size_t len,
int freq);
+int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr);
/**
* enum gas_query_result - GAS query result
MAC2STR(sa));
anqp_add_extra(wpa_s, anqp, info_id, pos, slen);
- if (!wpa_sm_pmf_enabled(wpa_s->wpa)) {
+ if (!pmf_in_use(wpa_s, sa)) {
wpa_printf(MSG_DEBUG,
"ANQP: Ignore Venue URL since PMF was not enabled");
break;