RSNO: Omit RSNXE in (Re)Association Response frame like in Beacon frame

When rsn_override_omit_rsnxe=1 is used to omit the RSNXE from Beacon and
Probe Response frames, it should also be omitted from (Re)Association
Response frames since there is a general expectation on the RSNXE being
used consistently between these frames. This is unlikely to have much of
a difference for most use cases in practice, but this could impact FILS
association if the non-AP STA were to confirm that the unprotected and
protected version of the RSNXE from the AP were identical.

Fixes: 8b2ddfdbb688 ("RSNO: Allow RSNXE to be omitted")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 18f3103f785aa40931014a2ef17bae0ccdfc1b39..8206932f3fc7a71fe7d1a1be3b6250e503bf666a 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -5617,6 +5617,8 @@ static void handle_assoc(struct hostapd_data *hapd,
        if (reassoc && sta->auth_alg == WLAN_AUTH_FT)
                omit_rsnxe = !get_ie(pos, left, WLAN_EID_RSNX);
 #endif /* CONFIG_IEEE80211R_AP */
+       if (hapd->conf->rsn_override_omit_rsnxe)
+               omit_rsnxe = 1;
 
        if (hostapd_get_aid(hapd, sta) < 0) {
                hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,