From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Thu, 10 Oct 2024 08:53:29 +0000 (+0300)
Subject: RSNO: Omit RSNXE in (Re)Association Response frame like in Beacon frame
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1337b159b8304252f212357537e33928efbb931;p=thirdparty%2Fhostap.git

RSNO: Omit RSNXE in (Re)Association Response frame like in Beacon frame

When rsn_override_omit_rsnxe=1 is used to omit the RSNXE from Beacon and
Probe Response frames, it should also be omitted from (Re)Association
Response frames since there is a general expectation on the RSNXE being
used consistently between these frames. This is unlikely to have much of
a difference for most use cases in practice, but this could impact FILS
association if the non-AP STA were to confirm that the unprotected and
protected version of the RSNXE from the AP were identical.

Fixes: 8b2ddfdbb688 ("RSNO: Allow RSNXE to be omitted")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 18f3103f7..8206932f3 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -5617,6 +5617,8 @@ static void handle_assoc(struct hostapd_data *hapd,
 	if (reassoc && sta->auth_alg == WLAN_AUTH_FT)
 		omit_rsnxe = !get_ie(pos, left, WLAN_EID_RSNX);
 #endif /* CONFIG_IEEE80211R_AP */
+	if (hapd->conf->rsn_override_omit_rsnxe)
+		omit_rsnxe = 1;
 
 	if (hostapd_get_aid(hapd, sta) < 0) {
 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,