From dee670312207560509b3a9f3e9e86e8d4c86b620 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Tue, 19 Mar 2019 11:36:49 -0700 Subject: [PATCH] sae: check group number on UNSUPP_FINITE_CYCLIC_GROUP Hostapd has now been updated to include the group number when rejecting the connection with UNSUPP_FINITE_CYCLIC_GROUP. We still need the existing len == 0 check because old hostapd versions will still behave this way. --- src/sae.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sae.c b/src/sae.c index 362e95cb..782a3069 100644 --- a/src/sae.c +++ b/src/sae.c @@ -758,6 +758,8 @@ static bool sae_verify_committed(struct sae_sm *sm, uint16_t transaction, */ if (len == 0) l_warn("AP did not include group number in response!"); + else if (len >= 2 && (l_get_le16(frame) != sm->group)) + return false; sm->group_retry++;