From: Jia Ding <jiad@codeaurora.org>
Date: Wed, 14 Jul 2021 06:59:26 +0000 (+0800)
Subject: AP: Don't increment auth_transaction upon SAE authentication failure
X-Git-Tag: hostap_2_10~237
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9557ba336bbcfbad8bbf70df8bec4a22eda02036;p=thirdparty%2Fhostap.git

AP: Don't increment auth_transaction upon SAE authentication failure

IEEE Std 802.11-2016, 12.4.7.6 specifies:

An SAE Commit message with a status code not equal to SUCCESS shall
indicate that a peer rejects a previously sent SAE Commit message.

An SAE Confirm message, with a status code not equal to SUCCESS, shall
indicate that a peer rejects a previously sent SAE Confirm message.

Thus when SAE authentication failure happens, authentication transaction
sequence number should not be incremented.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index b404e84af..22cce9610 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3943,8 +3943,10 @@ static void handle_auth(struct hostapd_data *hapd,
 
  fail:
 	reply_res = send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, auth_alg,
-				    auth_transaction + 1, resp, resp_ies,
-				    resp_ies_len, "handle-auth");
+				    auth_alg == WLAN_AUTH_SAE ?
+				    auth_transaction : auth_transaction + 1,
+				    resp, resp_ies, resp_ies_len,
+				    "handle-auth");
 
 	if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
 					  reply_res != WLAN_STATUS_SUCCESS)) {