From: Jouni Malinen <jouni@codeaurora.org>
Date: Sat, 8 Feb 2020 01:36:13 +0000 (+0200)
Subject: SAE: Verify that appropriate Status Code is used in SAE commit (SME)
X-Git-Tag: hostap_2_10~1863
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca1cecc54d7c43b29b0c3adb63e21b2381620bea;p=thirdparty%2Fhostap.git

SAE: Verify that appropriate Status Code is used in SAE commit (SME)

Previous version accepted both 0 and 126 values in SAE commit message
from the AP. Explicitly check that the value the AP uses matches what
the STA started with to avoid unexpected cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index eafff1d6a..64b22c451 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1291,6 +1291,19 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 				   "SAE: Ignore commit message while waiting for confirm");
 			return 0;
 		}
+		if (wpa_s->sme.sae.tmp && wpa_s->sme.sae.tmp->h2e &&
+		    status_code == WLAN_STATUS_SUCCESS) {
+			wpa_printf(MSG_DEBUG,
+				   "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
+			return -1;
+		}
+		if (wpa_s->sme.sae.tmp && !wpa_s->sme.sae.tmp->h2e &&
+		    status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
+			wpa_printf(MSG_DEBUG,
+				   "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
+			return -1;
+		}
+
 		if (groups && groups[0] <= 0)
 			groups = NULL;
 		res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,