[OpenWrt-Devel] [PATCH 3/9] hostapd: SAE: Do not ignore option sae_require_mfp

[Hauke Mehrtens]

Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 ...-SAE-Do-not-ignore-option-sae_require_mfp.patch | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch

diff --git a/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch
new file mode 100644
index 0000000000..8810774665
--- /dev/null
+++ b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch
@@ -0,0 +1,26 @@
+From 54e0de1a9ee81477e9dfb93985c1fbf105b3d1d4 Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke at hauke-m.de>
+Date: Wed, 10 Oct 2018 23:22:23 +0200
+Subject: SAE: Do not ignore option sae_require_mfp
+
+Without this patch sae_require_mfp is always activate, when ieee80211w
+is set to optional all stations negotiating SAEs are being rejected when
+they do not support PMF. With this patch hostapd only rejects these
+stations in case sae_require_mfp is set to some value and not null.
+
+Fixes ba3d435fe43 ("SAE: Add option to require MFP for SAE associations")
+Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
+---
+ src/ap/wpa_auth_ie.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/src/ap/wpa_auth_ie.c
++++ b/src/ap/wpa_auth_ie.c
+@@ -721,6 +721,7 @@ int wpa_validate_wpa_ie(struct wpa_authe
+ 
+ #ifdef CONFIG_SAE
+ 	if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
++	    wpa_auth->conf.sae_require_mfp &&
+ 	    wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
+ 	    !(data.capabilities & WPA_CAPABILITY_MFPC)) {
+ 		wpa_printf(MSG_DEBUG,
-- 
2.11.0


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel