From: Benjamin Berg <benjamin.berg@intel.com>
Date: Thu, 18 Dec 2025 16:19:34 +0000 (+0100)
Subject: AP: Do not store RSNXE for WPA 1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31e55e6d2ad87a251cfc7ee19c303dbe96577162;p=thirdparty%2Fhostap.git

AP: Do not store RSNXE for WPA 1

If the connection is using WPA 1, then the RSNXE will not be inclued in
the KDE. So do not store it to not trigger a verification mismatch later
because the RSNXE is not in the KDE as would be expected otherwise.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
---

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 220ac809f..7094cf234 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -1360,7 +1360,7 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 	os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
 	sm->wpa_ie_len = wpa_ie_len;
 
-	if (rsnxe && rsnxe_len) {
+	if (sm->wpa != WPA_VERSION_WPA && rsnxe && rsnxe_len) {
 		if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) {
 			os_free(sm->rsnxe);
 			sm->rsnxe = os_malloc(rsnxe_len);