From: Jouni Malinen <jouni@codeaurora.org>
Date: Fri, 30 Aug 2019 12:22:42 +0000 (+0300)
Subject: HS 2.0 AP: Do not mandate PMF for HS 2.0 Indication in open OSU network
X-Git-Tag: hostap_2_10~2405
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a762ba8b1e7d25f81f1f913825d05b083af0204b;p=thirdparty%2Fhostap.git

HS 2.0 AP: Do not mandate PMF for HS 2.0 Indication in open OSU network

Even though the station is not supposed to include Hotspot 2.0
Indication element in the Association Request frame when connecting to
the open OSU BSS, some station devices seem to do so. With the strict
PMF-required-with-Hotspot-2.0-R2 interpretation, such connection
attempts were rejected. Relax this to only perform the PMF check if the
local AP configuration has PMF enabled, i.e., for the production BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db4..dc3c61ff7 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3243,7 +3243,8 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
 		sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
 						 elems.hs20_len - 4);
 		release = ((elems.hs20[4] >> 4) & 0x0f) + 1;
-		if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm)) {
+		if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm) &&
+		    hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
 			wpa_printf(MSG_DEBUG,
 				   "HS 2.0: PMF not negotiated by release %d station "
 				   MACSTR, release, MAC2STR(sta->addr));