SAE: Send Commit message with unknown-password-id from Nothing state

The unknown-password-id case (i.e., BadId indicator in the SAE finite
state machine in the standard) is supposed to have different behavior
based on whether the current state is Nothing or Committed. The previous
hostapd implementation did not send a response Authentication frame in
either case, but the standard describes that behavior only for the
Committed state while the Nothing state is expected to report the
failure.

Update hostapd to send the Authentication frame with status code
indicating unknown password identifier when processing a Commit message
in the Nothing state.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 62b37de7c93bf625e3d54f1509ddeefaaeb7109d..c03b884331c8b03ea4ef303afc4c03f2c8619a2f 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1532,6 +1532,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                        sae_clear_retransmit_timer(hapd, sta);
                        sae_set_state(sta, SAE_NOTHING,
                                      "Unknown Password Identifier");
+                       if (sta->sae->state == SAE_NOTHING)
+                               goto reply;
                        goto remove_sta;
                }