eapol: Handle all zero PMKID

2024-11-22 23:09:34 +01:00 · 2018-07-01 20:40:40 -05:00 · 2018-07-01 20:40:40 -05:00 · 1c9a1ea46d
commit 1c9a1ea46d
parent 7676aa2107
1 changed files with 14 additions and 1 deletions
--- a/src/eapol.c
+++ b/src/eapol.c
@ -966,6 +966,8 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,

 		if (handshake_state_get_pmkid(sm->handshake, own_pmkid) &&
 				memcmp(pmkid, own_pmkid, 16)) {
+			l_debug("Authenticator sent a PMKID that didn't match");
+
 			/*
 			 * If the AP has a different PMKSA from ours and we
 			 * have means to create a new PMKSA through EAP then
@ -974,7 +976,18 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
 			if (sm->eap) {
 				send_eapol_start(NULL, sm);
 				return;
-			} else
+			}
+
+			/*
+			 * Some APs are known to send a PMKID KDE with all
+			 * zeros for the PMKID.  Likely we can still
+			 * successfully negotiate a handshake, so ignore this
+			 * for now and treat it as if the PMKID KDE was not
+			 * included
+			 */
+			if (util_mem_is_zero(pmkid, 16))
+				l_debug("PMKID is all zero, ignoring");
+			else
 				goto error_unspecified;
 		}
 	}