Instead of practically ignoring an odd octet at the end of the element,
check for such invalid case explicitly. This is needed to avoid a
potential group downgrade attack.
Fixes: 444d76f74f65 ("SAE: Check that peer's rejected groups are not enabled")
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to depend on all uses (i.e., both hostapd and
wpa_supplicant) to verify that the length of the Rejected Groups field
in the Rejected Groups element is valid (i.e., a multiple of two octets)
since the common parser can reject the message when detecting this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of practically ignoring an odd octet at the end of the element,
check for such invalid case explicitly. This is needed to avoid a
potential group downgrade attack.
Signed-off-by: Jouni Malinen <j@w1.fi>
- Fix wrong reason code reported when softAP issues a disconnect for station
- Fix wrong reason code reported when association timeout happens at station
- Deprecate enums WIFI_REASON_ASSOC_EXPIRE, WIFI_REASON_NOT_AUTHED, WIFI_REASON_NOT_ASSOCED
and use WIFI_REASON_DISASSOC_DUE_TO_INACTIVITY,
WIFI_REASON_CLASS2_FRAME_FROM_NONAUTH_STA,
WIFI_REASON_CLASS3_FRAME_FROM_NONASSOC_STA respectively
- Update wifi documentation related to reason codes
When registrar somehow misses the WSC_DONE sent by station and station
goes for next connection after sending deauth, make sure that softAP
disables the registrar.
1. Add support for SAE-PK and WPA3-Enterprise transition disable
2. Add support to handle OWE transition disable indication from AP
3. refactor: Backport common changes in scan/connect path from 90cc6158
- 90cc6158 adds support for Network Introduction Protocol in DPP
4. Fix issue of supplicant using wrong parameters to configure bss
- Ensure that wpa_supplicant's state machine registers the requirement for rsnxe
before deciding to add rsnxe to a assoc request.
Co-authored-by: default avatarjgujarathi <jash.gujarathi@espressif.com>
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
* Fix send mgmt err when eapol process
* Fix data len not correct in he actions
1. Free temporary data used by SAE before memsetting the same
2. Drop any received auth response that uses a different algorithm than the one currently in use
Make sure that WPS registrar public APIs do not modify supplicant
data in application task context. Execute API functionlity in eloop
context to prevent protential race conditions.
