From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Date: Wed, 8 May 2024 13:42:12 +0000 (+0300)
Subject: wpa_supplicant: Do not select a rejected SAE group
X-Git-Tag: hostap_2_11~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcf799c0dd46011519ee441432298ac21e3e5b0e;p=thirdparty%2Fhostap.git

wpa_supplicant: Do not select a rejected SAE group

Make sure that sme_set_sae_group() doesn't select a group that was
previously rejected during this instance of SAE authentication.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
---

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 2abc3eab8..1b05de066 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -71,7 +71,9 @@ static int sme_set_sae_group(struct wpa_supplicant *wpa_s, bool external)
 		int group = groups[wpa_s->sme.sae_group_index];
 		if (group <= 0)
 			break;
-		if (sae_set_group(&wpa_s->sme.sae, group) == 0) {
+		if (!int_array_includes(wpa_s->sme.sae_rejected_groups,
+					group) &&
+		    sae_set_group(&wpa_s->sme.sae, group) == 0) {
 			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
 				wpa_s->sme.sae.group);
 			wpa_s->sme.sae.akmp = external ?