From: Jouni Malinen <j@w1.fi>
Date: Sun, 28 Jan 2024 16:41:06 +0000 (+0200)
Subject: Discard EAPOL-Key request without Secure=1
X-Git-Tag: hostap_2_11~401
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b27086e6ebe3a55eb4e68dc55df8e7bf3b9944fc;p=thirdparty%2Fhostap.git

Discard EAPOL-Key request without Secure=1

EAPOL-Key request is accepted only if the MIC has been verified, so PTK
must have already been derived and Secure=1 needs to be used. Check the
Secure bit explicitly for completeness even though the MIC verification
is already taking care of validating that the sender is in the
possession of valid keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index b07f13647..79ecd4e5b 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1516,6 +1516,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 	}
 
 	if (key_info & WPA_KEY_INFO_REQUEST) {
+		if (!(key_info & WPA_KEY_INFO_SECURE)) {
+			wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
+					LOGGER_INFO,
+					"received EAPOL-Key request without Secure=1");
+			goto out;
+		}
 		if (sm->MICVerified) {
 			sm->req_replay_counter_used = 1;
 			os_memcpy(sm->req_replay_counter, key->replay_counter,