Instead of practically ignoring an odd octet at the end of the element,
check for such invalid case explicitly. This is needed to avoid a
potential group downgrade attack.
Fixes: 444d76f74f65 ("SAE: Check that peer's rejected groups are not enabled")
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to depend on all uses (i.e., both hostapd and
wpa_supplicant) to verify that the length of the Rejected Groups field
in the Rejected Groups element is valid (i.e., a multiple of two octets)
since the common parser can reject the message when detecting this.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of practically ignoring an odd octet at the end of the element,
check for such invalid case explicitly. This is needed to avoid a
potential group downgrade attack.
Signed-off-by: Jouni Malinen <j@w1.fi>
- Fix wrong reason code reported when softAP issues a disconnect for station
- Fix wrong reason code reported when association timeout happens at station
- Deprecate enums WIFI_REASON_ASSOC_EXPIRE, WIFI_REASON_NOT_AUTHED, WIFI_REASON_NOT_ASSOCED
and use WIFI_REASON_DISASSOC_DUE_TO_INACTIVITY,
WIFI_REASON_CLASS2_FRAME_FROM_NONAUTH_STA,
WIFI_REASON_CLASS3_FRAME_FROM_NONASSOC_STA respectively
- Update wifi documentation related to reason codes
When registrar somehow misses the WSC_DONE sent by station and station
goes for next connection after sending deauth, make sure that softAP
disables the registrar.
1. Add support for SAE-PK and WPA3-Enterprise transition disable
2. Add support to handle OWE transition disable indication from AP
3. refactor: Backport common changes in scan/connect path from 90cc6158
- 90cc6158 adds support for Network Introduction Protocol in DPP
4. Fix issue of supplicant using wrong parameters to configure bss
- Ensure that wpa_supplicant's state machine registers the requirement for rsnxe
before deciding to add rsnxe to a assoc request.
Co-authored-by: default avatarjgujarathi <jash.gujarathi@espressif.com>
* Fix issues related to mgmt packets encryption in GCMP
* Fix issue of wrong decryption of mgmt packets when PMF is enabled
* Fix softAP bug in handling of SAE Reauthentication
* Fix send mgmt err when eapol process
* Fix data len not correct in he actions
1. Free temporary data used by SAE before memsetting the same
2. Drop any received auth response that uses a different algorithm than the one currently in use
