From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Fri, 1 Nov 2024 10:18:41 +0000 (+0200)
Subject: SAE: Send Commit message with unknown-password-id from Nothing state
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afd120d03bf521df4c6c323952e30348c1103b8e;p=thirdparty%2Fhostap.git

SAE: Send Commit message with unknown-password-id from Nothing state

The unknown-password-id case (i.e., BadId indicator in the SAE finite
state machine in the standard) is supposed to have different behavior
based on whether the current state is Nothing or Committed. The previous
hostapd implementation did not send a response Authentication frame in
either case, but the standard describes that behavior only for the
Committed state while the Nothing state is expected to report the
failure.

Update hostapd to send the Authentication frame with status code
indicating unknown password identifier when processing a Commit message
in the Nothing state.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 62b37de7c..c03b88433 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1532,6 +1532,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
 			sae_clear_retransmit_timer(hapd, sta);
 			sae_set_state(sta, SAE_NOTHING,
 				      "Unknown Password Identifier");
+			if (sta->sae->state == SAE_NOTHING)
+				goto reply;
 			goto remove_sta;
 		}