From ea4e0116da10da71b24b6cc87cb56d18b02e551e Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 1 Nov 2024 12:06:10 +0200
Subject: [PATCH] SAE: Do not allow password identifier to be used without H2E
When the concept of SAE password identifiers was introduced in IEEE P802.11REVme/D1.0, there was no requirement to use H2E with them. However, this was changed for the published IEEE Std 802.11-2020 to require H2E to avoid certain cases where the password identifier could not have been parsed robustly. Commit e36a5894d0c0 ("SAE: Use H2E whenever Password Identifier is used") started forcing H2E to be used when password identifiers were in use with SAE. However, it did not enforce rejection of cases where H2E was not enabled by a non-compliant implementation. Add that explicit check during parsing of SAE commit messages.
Signed-off-by: Jouni Malinen
---
 src/common/sae.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/common/sae.c b/src/common/sae.c
index 6b06473e1..ce282db6b 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -2049,7 +2049,7 @@ static u16 sae_parse_commit_element(struct sae_data *sae, const u8 **pos,
 }
-static int sae_parse_password_identifier(struct sae_data *sae,
+static int sae_parse_password_identifier(struct sae_data *sae, bool h2e,
 const u8 **pos, const u8 *end)
 {
 const u8 *epos;
@@ -2075,6 +2075,12 @@ static int sae_parse_password_identifier(struct sae_data *sae,
 epos++; /* skip ext ID */
 len--;
+ if (!h2e) {
+ wpa_printf(MSG_DEBUG,
+ "SAE: Password Identifier included, but H2E is not used");
+ return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER;
+ }
+
 if (sae->no_pw_id) {
 wpa_printf(MSG_DEBUG,
 "SAE: Password Identifier included, but none has been enabled");
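Review bot: The new `if (!h2e)` rejection in sae_parse_password_identifier() has no comment explaining that it enforces a standards requirement rather than a local policy choice, and the reasoning currently lives only in the commit message. I would put this above the check: `/* IEEE Std 802.11-2020 requires H2E whenever a Password Identifier is used; reject commit messages from peers that include one without H2E. */`. It is also worth a short comment on the new `bool h2e` parameter saying it reflects whether the received commit uses H2E, since the value is decided by the caller outside this hunk. Peers that still follow the pre-2020 draft behaviour will now fail with WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER, logged only at MSG_DEBUG, so the comment should say that this is intentional. The function body begins and ends outside the hunk.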
@@ -2205,7 +2211,7 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
 pos, end - pos);
 /* Optional Password Identifier element */
- res = sae_parse_password_identifier(sae, &pos, end);
+ res = sae_parse_password_identifier(sae, h2e, &pos, end);
 if (res != WLAN_STATUS_SUCCESS)
 return res;
--
2.47.2