Do not skip MBO PMF check with the WPS special case WPA check exception

The MBO PMF check for AP SME in the driver case was added into a
location that is skipped for WPS processing. That was not really the
correct place for this since the skip_wpa_check label was supposed to
remain immediately following the WPA checks. While this does not really
have much of a practical impact, move the check around so that the
skip_wpa_check label remains where it is supposed to be.

Fixes: 4c572281edaa ("MBO: Mandate use of PMF for WPA2+MBO association (AP)")
Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 9ed131cfd88e78b4c6c5e35de3ba20c4a1e9755e..61e56b6e5a3e4da2829c73024053a39cca3dcdc0 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -467,6 +467,9 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
                        return WLAN_STATUS_INVALID_IE;
 #endif /* CONFIG_HS20 */
        }
+#ifdef CONFIG_WPS
+skip_wpa_check:
+#endif /* CONFIG_WPS */
 
 #ifdef CONFIG_MBO
        if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
@@ -478,10 +481,6 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
        }
 #endif /* CONFIG_MBO */
 
-#ifdef CONFIG_WPS
-skip_wpa_check:
-#endif /* CONFIG_WPS */
-
 #ifdef CONFIG_IEEE80211R_AP
        p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
                                        sta->auth_alg, req_ies, req_ies_len);