[PATCH 3/4] SAE: Fix confirm frame tx on error path

Jouni Malinen j
Tue Nov 25 06:36:06 PST 2014

On Tue, Nov 25, 2014 at 11:04:42AM +0900, Masashi Honma wrote:
> When sae_check_confirm() failed, confirm frame would be sent without data.
> This causes "SAE: Too short confirm message" on the opposite STA and this results in
> continuous frame exchange.

That would be reason to fix the other end, not this end..

> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -721,6 +721,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
>  			if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
>  					      ((u8 *) mgmt) + len -
>  					      mgmt->u.auth.variable) < 0) {
> +				data = auth_build_sae_confirm(hapd, sta);
>  				goto reply;
>  			}
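
Review bot: In the sae_check_confirm() < 0 branch, the added auth_build_sae_confirm(hapd, sta) call builds a full confirm body for a peer whose own confirm has just failed verification, so a frame that does not verify still makes this side compute and transmit a confirm. The hunk has no comment saying why a rejection needs a confirm body, and the value assigned to data is not checked before goto reply; if auth_build_sae_confirm() can return NULL, the reply path sends the same empty frame the commit message describes. Please either keep the rejection body-less and make the receiving side stop the exchange when it sees a short confirm, or add a comment justifying the body and handle a failed build before jumping to reply.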

Interestingly, IEEE Std 802.11-2012 seems to say that this would be the
correct thing to do even with non-zero status code. However, that does
not seem to make any sense for the AP to do. This would result in CPU
heavy operations that would not provide any help for actually completing
the authentication successfully due to that non-zero status code. I
think the standard should be fixed instead.

Jouni Malinen                                            PGP id EFC895FA
