FT: Explicitly check for MDE not present in non-FT association

IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an
(Re)Association Request frame but the RSNE uses a non-FT AKM suite, the
AP shall reject the association using status code 43 ("Invalid AKMP").

wpa_validate_wpa_ie() now explicitly checks for this condition to meet
this requirement instead of simply ignoring the MDE based on non-FT AKM.

Signed-off-by: Will Glynn <will@willglynn.com>

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 1df3009f3cbd33d1e6b5dec2e35556068224fed0..c770d62a0b121aa3e52350c2d6476ee66e40daa5 100644 (file)
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -716,6 +716,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
                                    "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
                        return WPA_INVALID_MDIE;
                }
+       } else if (mdie != NULL) {
+               wpa_printf(MSG_DEBUG,
+                          "RSN: Trying to use non-FT AKM suite, but MDIE included");
+               return WPA_INVALID_AKMP;
        }
 #endif /* CONFIG_IEEE80211R_AP */