From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Thu, 31 Oct 2024 21:59:45 +0000 (+0200)
Subject: SAE: Do not use the wpa_passphrase if SAE password identifier was used
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90a3b4a91a5dff29b8e8431983aacfc7aad52381;p=thirdparty%2Fhostap.git

SAE: Do not use the wpa_passphrase if SAE password identifier was used

Sharing of the WPA-PSK passphrase as the SAE password is only for the
case where no SAE password identifiers are used. Do not consider that on
an AP if a STA includes SAE password identifier in an SAE commit
message. This avoids confusing cases where SAE would be allowed to
continue with the AP and the STA using different password identifier
which is going to fail in the end.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 9dccdb370..62b37de7c 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -577,12 +577,12 @@ const char * sae_get_password(struct hostapd_data *hapd,
 			pk = pw->pk;
 		break;
 	}
-	if (!password) {
+	if (!password && !rx_id) {
 		password = hapd->conf->ssid.wpa_passphrase;
 		pt = hapd->conf->ssid.pt;
 	}
 
-	if (!password && sta) {
+	if (!password && sta && !rx_id) {
 		for (psk = sta->psk; psk; psk = psk->next) {
 			if (psk->is_passphrase) {
 				password = psk->passphrase;