RSN: Validate RSNXE match in EAPOL-Key msg 3/4 only when RSN is used

This is needed to avoid the corner case of local RSNXE aware station
being configured to behave as WPA(v1)-only STA when the AP might not
include RSNXE in EAPOL-Key msg 3/4.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e1aba36de93d41c68523dd4b0084160f325f66bb..9a5ba7b877c5851e74357d6194a08121b53d6753 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1572,11 +1572,12 @@ static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
                return -1;
        }
 
-       if ((sm->ap_rsnxe && !ie->rsnxe) ||
-           (!sm->ap_rsnxe && ie->rsnxe) ||
-           (sm->ap_rsnxe && ie->rsnxe &&
-            (sm->ap_rsnxe_len != ie->rsnxe_len ||
-             os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0))) {
+       if (sm->proto == WPA_PROTO_RSN &&
+           ((sm->ap_rsnxe && !ie->rsnxe) ||
+            (!sm->ap_rsnxe && ie->rsnxe) ||
+            (sm->ap_rsnxe && ie->rsnxe &&
+             (sm->ap_rsnxe_len != ie->rsnxe_len ||
+              os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0)))) {
                wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
                        "WPA: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
                wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",