SAE: More specific initial auth trans seq check

Practically ignoring the check of the authentication transaction
sequence number for SAE here is overly permissive. While the unknown
values will result in same behavior at a later point in the process,
this initial check could as well handle those cases without needing any
additional processing.

Signed-off-by: Jouni Malinen <jouni.malinen@oss.qualcomm.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index b894736758edbba39efec8f62301a9e4503da921..6c1f85cf2f4c20e252c3badaf74cc9b8eb541e4a 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3377,7 +3377,11 @@ static void handle_auth(struct hostapd_data *hapd,
                goto fail;
        }
 
-       if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
+       if (!(auth_transaction == 1 ||
+#ifdef CONFIG_SAE
+             (auth_alg == WLAN_AUTH_SAE &&
+              auth_transaction == WLAN_AUTH_TR_SEQ_SAE_CONFIRM) ||
+#endif /* CONFIG_SAE */
 #ifdef CONFIG_PASN
              (auth_alg == WLAN_AUTH_PASN &&
               auth_transaction == WLAN_AUTH_TR_SEQ_PASN_AUTH3) ||