This fixes a regression introduced in wpa_supplicant 2.10 that prevents
ipw2x00 cards from connecting to mixed WPA2/3 networks.
The driver does not handle WLAN_EID_RSNX elements (see libipw_rx.c,
libipw_parse_info_param), but my WPA2/3 mixed mode AP operated by
hostapd on OpenWRT sends it in EAPOL, which is handled by wpa_supplicant
without driver involvement.
---
src/rsn_supp/wpa.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index f5319c606..be01d1384 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2220,12 +2220,23 @@ static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
return -1;
}
- if (sm->proto == WPA_PROTO_RSN &&
- ((sm->ap_rsnxe && !ie->rsnxe) ||
- (!sm->ap_rsnxe && ie->rsnxe) ||
- (sm->ap_rsnxe && ie->rsnxe &&
- (sm->ap_rsnxe_len != ie->rsnxe_len ||
- os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0)))) {
+ if (sm->proto == WPA_PROTO_RSN && !sm->ap_rsnxe && ie->rsnxe) {
+ /* This happens when connecting to a WPA 2/3 transition mode
+ * AP with drivers that do not understand WLAN_EID_RSNX, e.g.
+ * ipw2x00. Print a warning but continue.
+ */
+ wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "Possible downgrade "
+ "attack or old driver detected - RSNX was "
+ "enabled and RSNX IE was in msg 3/4, but "
+ "not in Beacon/ProbeResp (src=" MACSTR ")",
+ MAC2STR(src_addr));
+ wpa_hexdump(MSG_INFO, "RSNXE in EAPOL-Key msg 3/4",
+ ie->rsnxe, ie->rsnxe_len);
+ }
+
+ if (sm->proto == WPA_PROTO_RSN && sm->ap_rsnxe &&
+ (!ie->rsnxe || sm->ap_rsnxe_len != ie->rsnxe_len ||
+ os_memcmp(sm->ap_rsnxe, ie->rsnxe, sm->ap_rsnxe_len) != 0)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"WPA: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4");
wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp",
--
2.49.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
