From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 12 Dec 2014 12:03:36 +0000 (+0200)
Subject: Fix AP IE in EAPOL-Key 3/4 for WPA + FT combination
X-Git-Tag: hostap_2_4~816
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=774d4145131ceaef5016c8010ccc3f205b4b1ec6;p=thirdparty%2Fhostap.git

Fix AP IE in EAPOL-Key 3/4 for WPA + FT combination

Previously, only WPA + WPA2 was covered. If FT is enabled in addition to
WPA, MDIE is included in the buffer between RSN and WPA elements. The
previous version ended up leaving only the MDIE after having skipped RSN
element. Fix this to skip MDIE as well to leave only WPA IE regardless
of whether FT is enabled in AP configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c422044ad..da2073c0a 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2118,8 +2118,10 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
 	if (sm->wpa == WPA_VERSION_WPA &&
 	    (sm->wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
 	    wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) {
-		/* WPA-only STA, remove RSN IE */
+		/* WPA-only STA, remove RSN IE and possible MDIE */
 		wpa_ie = wpa_ie + wpa_ie[1] + 2;
+		if (wpa_ie[0] == WLAN_EID_MOBILITY_DOMAIN)
+			wpa_ie = wpa_ie + wpa_ie[1] + 2;
 		wpa_ie_len = wpa_ie[1] + 2;
 	}
 	wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,