From: Jouni Malinen <jouni.malinen@atheros.com>
Date: Wed, 27 May 2009 06:52:24 +0000 (+0300)
Subject: hostapd: Require EAPOL-Key type to match with selected protocol
X-Git-Url: https://vcs.maemo.org/git/?a=commitdiff_plain;h=f8e96eb6fd960a017793942cff0eb43b09f444c6;hp=077a781f7ab4e87955f1a97fcd0b939c74a57165;p=wpasupplicant

hostapd: Require EAPOL-Key type to match with selected protocol

Previously, we would have allowed both the WPA and RSN EAPOL-Key
types to be used regardless of whether the association is using
WPA or RSN/WPA2. This shouldn't result in any significant problems
on the Authenticator side, but anyway, we should check the type and
ignore the EAPOL-Key frames that used unexpected type.
---

diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index 64bc6b3..5ec7211 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -620,6 +620,22 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 		return;
 	}
 
+	if (sm->wpa == WPA_VERSION_WPA2) {
+		if (key->type != EAPOL_KEY_TYPE_RSN) {
+			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+				   "unexpected type %d in RSN mode",
+				   key->type);
+			return;
+		}
+	} else {
+		if (key->type != EAPOL_KEY_TYPE_WPA) {
+			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
+				   "unexpected type %d in WPA mode",
+				   key->type);
+			return;
+		}
+	}
+
 	/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
 	 * are set */