[PATCH v2 3/4] mesh: Fix reception of confirm frame with error status code

Jouni Malinen
Sun Dec 14 14:11:59 PST 2014

On Thu, Nov 27, 2014 at 10:28:14AM +0900, Masashi Honma wrote:
> When sae_check_confirm() failed, confirm frame would be sent without data.
> This causes "SAE: Too short confirm message" to opposite STA and this results in
> continuous frame exchange on mesh BSS.

Checking Status Code itself is fine, but this does not work on a big
endian CPU:

> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -716,6 +716,13 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
> +		if (mgmt->u.auth.status_code != WLAN_STATUS_SUCCESS) {
> +			wpa_printf(MSG_ERROR,
> +				   "SAE: Drop Confirm Message with status code=%d",
> +				   mgmt->u.auth.status_code);
> +			return;
> +		}
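
Review bot: The added check uses mgmt->u.auth.status_code unconverted, both in the comparison and as the %d argument to wpa_printf(), although the field is a little-endian 16-bit value taken straight from the received frame. Convert it once with le_to_host16() into a local variable and use that for the test and for the log message, so the logged status code is correct on big-endian hosts and the test does not rely on WLAN_STATUS_SUCCESS being zero. Because this message is triggered by a frame from the peer, MSG_DEBUG may also be a more suitable level than MSG_ERROR.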

That mgmt->u.auth.status_code is little endian.

I would have also needed a Signed-off-by: line in the commit message to be
able to apply this. Anyway, I'm covering this area with the more generic
change that adds more status code validation steps (and fixes a similar
byte order issue in the anti-clogging token case on mesh).

Jouni Malinen                                            PGP id EFC895FA
