AP: Reflect status code in SAE reflection attack test

When testing SAE reflection, the incoming commit may have the H2E status
code (126) or SAE-PK (127), but the test code in the AP was always
sending back status code 0. The STA would then reject the commit
response due to expecting H2E/SAE-PK status code.

Just reflect the incoming status code so the commit can be rejected
based on the SAE contents regardless of which variant of SAE was used.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index a1a27f1020a6f7b9e73840b73fa9be854a444c69..2923932245c76ad59327d541b36b5017d2af2eed 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1241,6 +1241,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
                pos = mgmt->u.auth.variable;
                end = ((const u8 *) mgmt) + len;
+               resp = status_code;
                send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
                                auth_transaction, resp, pos, end - pos,
                                "auth-sae-reflection-attack");