When the concept of SAE password identifiers was introduced in IEEE
P802.11REVme/D1.0, there was no requirement to use H2E with them.
However, this was changed for the published IEEE Std 802.11-2020 to
require H2E to avoid certain cases where the password identifier could
not have been parsed robustly.
Commit
e36a5894d0c0 ("SAE: Use H2E whenever Password Identifier is
used") started forcing H2E to be used when password identifiers were in
use with SAE. However, it did not enforce rejection of cases where H2E
was not enabled by a non-compliant implementation. Add that explicit
check during parsing of SAE commit messages.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
}
-static int sae_parse_password_identifier(struct sae_data *sae,
+static int sae_parse_password_identifier(struct sae_data *sae, bool h2e,
const u8 **pos, const u8 *end)
{
const u8 *epos;
epos++; /* skip ext ID */
len--;
+ if (!h2e) {
+ wpa_printf(MSG_DEBUG,
+ "SAE: Password Identifier included, but H2E is not used");
+ return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER;
+ }
+
if (sae->no_pw_id) {
wpa_printf(MSG_DEBUG,
"SAE: Password Identifier included, but none has been enabled");
pos, end - pos);
/* Optional Password Identifier element */
- res = sae_parse_password_identifier(sae, &pos, end);
+ res = sae_parse_password_identifier(sae, h2e, &pos, end);
if (res != WLAN_STATUS_SUCCESS)
return res;
projects / thirdparty / hostap.git / commitdiff
