From a952cc6a47341823cb47f7e90acbecaa13984605 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Mon, 10 Apr 2023 11:00:49 -0700 Subject: [PATCH] eapol: relax (but warn) on secure bit check in handshake 1/4 Hostapd commit bc36991791 now properly sets the secure bit on message 1/4. This was addressed in an earlier IWD commit but neglected to allow for backwards compatibility. The check is fatal, which now breaks earlier hostapd versions (older than 2.10). Instead warn on this condition rather than reject the rekey. Fixes: 7fad6590bd ("eapol: allow 'secure' to be set on rekeys") --- src/eapol.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 3d7d33e0..9471d13e 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -478,8 +478,7 @@ bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek, size_t mic_len, if (ek->key_mic) return false; - if (ek->secure != ptk_complete) - return false; + L_WARN_ON(ek->secure != ptk_complete); if (ek->encrypted_key_data) return false;
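Review bot: In eapol_verify_ptk_1_of_4, `L_WARN_ON(ek->secure != ptk_complete);` stops rejecting a mismatch in both directions, while the commit message describes only one compatibility case, which appears to be hostapd older than 2.10 leaving the secure bit clear on a rekey. Consider keeping `if (ek->secure && !ptk_complete) return false;` for the initial handshake and warning only when `!ek->secure && ptk_complete`. Message 1/4 carries no MIC (the `ek->key_mic` check just above requires it to be unset), so the warning is driven by unauthenticated input and can be triggered repeatedly; a short code comment naming the hostapd versions this accommodates would also explain why the condition is logged rather than enforced.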