From: Thomas Pedersen <thomas@adapt-ip.com>
Date: Tue, 25 Aug 2020 15:48:06 +0000 (-0700)
Subject: AP: Reflect status code in SAE reflection attack test
X-Git-Tag: hostap_2_10~906
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a28d127b1a994a8d25e51c69686d8db9e9fcdf62;p=thirdparty%2Fhostap.git

AP: Reflect status code in SAE reflection attack test

When testing SAE reflection, the incoming commit may have the H2E status
code (126) or SAE-PK (127), but the test code in the AP was always
sending back status code 0. The STA would then reject the commit
response due to expecting H2E/SAE-PK status code.

Just reflect the incoming status code so the commit can be rejected
based on the SAE contents regardless of which variant of SAE was used.

Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index a1a27f102..292393224 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1241,6 +1241,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 		wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
 		pos = mgmt->u.auth.variable;
 		end = ((const u8 *) mgmt) + len;
+		resp = status_code;
 		send_auth_reply(hapd, sta, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
 				auth_transaction, resp, pos, end - pos,
 				"auth-sae-reflection-attack");