From afd120d03bf521df4c6c323952e30348c1103b8e Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 1 Nov 2024 12:18:41 +0200 Subject: [PATCH] SAE: Send Commit message with unknown-password-id from Nothing state The unknown-password-id case (i.e., BadId indicator in the SAE finite state machine in the standard) is supposed to have different behavior based on whether the current state is Nothing or Committed. The previous hostapd implementation did not send a response Authentication frame in either case, but the standard describes that behavior only for the Committed state while the Nothing state is expected to report the failure. Update hostapd to send the Authentication frame with status code indicating unknown password identifier when processing a Commit message in the Nothing state. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 62b37de7c..c03b88433 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -1532,6 +1532,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, sae_clear_retransmit_timer(hapd, sta); sae_set_state(sta, SAE_NOTHING, "Unknown Password Identifier"); + if (sta->sae->state == SAE_NOTHING) + goto reply; goto remove_sta; } -- 2.47.2