From: Jouni Malinen
Date: Tue, 2 Dec 2025 14:00:45 +0000 (+0200)
Subject: SAE: More specific initial auth trans seq check
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d0f442c0ce67b7afacc10a512c09fedc2c75192;p=thirdparty%2Fhostap.git

SAE: More specific initial auth trans seq check

Practically ignoring the check of the authentication transaction sequence number for SAE here is overly permissive. While the unknown values will result in same behavior at a later point in the process, this initial check could as well handle those cases without needing any additional processing.

Signed-off-by: Jouni Malinen
---
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index b89473675..6c1f85cf2 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3377,7 +3377,11 @@ static void handle_auth(struct hostapd_data *hapd, goto fail; } - if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || + if (!(auth_transaction == 1 || +#ifdef CONFIG_SAE + (auth_alg == WLAN_AUTH_SAE && + auth_transaction == WLAN_AUTH_TR_SEQ_SAE_CONFIRM) || +#endif /* CONFIG_SAE */ #ifdef CONFIG_PASN (auth_alg == WLAN_AUTH_PASN && auth_transaction == WLAN_AUTH_TR_SEQ_PASN_AUTH3) ||
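
Review bot: The new SAE clause in the handle_auth() condition sits inside `#ifdef CONFIG_SAE`, while the removed `auth_alg == WLAN_AUTH_SAE` test was unconditional, so in a build without CONFIG_SAE an SAE frame with a transaction number other than 1 now takes the rejection branch at this check instead of passing it. That is probably the intended result, but the commit message only talks about unknown values being handled earlier, and it would help to mention the build-configuration effect there as well. With the SAE and PASN clauses now stacked as separate `#ifdef` blocks inside one expression, a short comment above the condition listing the accepted (algorithm, transaction) pairs, that is any algorithm with 1, SAE with WLAN_AUTH_TR_SEQ_SAE_CONFIRM and PASN with WLAN_AUTH_TR_SEQ_PASN_AUTH3, would make the check easier to audit. A test that sends an SAE Authentication frame with some other transaction number would confirm that the rejection now happens here and that the response matches what the later path used to return.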