[PATCH] ap/drv_callbacks: in hostapd_notif_assoc, !ACCEPT ≠ REJECT

Derrick Pallas pallas at meraki.com
Mon Oct 24 17:05:20 PDT 2016

The commit

	hostapd: Process MAC ACLs on a station association event (SME in driver)

added a MAC ACL check to hostapd_notif_assoc.  This check disconnects the
client if the response is not ACCEPT, but the function can actually return
PENDING too, as in the case of 802.1x MAC-based auth.  It feels like the
author probably meant to disconnect the client if the response is REJECT,
but not ACCEPT or PENDING instead.

Signed-off-by: Derrick Pallas <pallas at meraki.com>
 src/ap/drv_callbacks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 3552b3e..f065995 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -124,7 +124,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
 	 * conflicting ACL rules.
 	if (hapd->iface->drv_max_acl_mac_addrs == 0 &&
-	    hostapd_check_acl(hapd, addr, NULL) != HOSTAPD_ACL_ACCEPT) {
+	    hostapd_check_acl(hapd, addr, NULL) == HOSTAPD_ACL_REJECT) {
 		wpa_printf(MSG_INFO, "STA " MACSTR " not allowed to connect",
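
Review bot: The new test "hostapd_check_acl(hapd, addr, NULL) == HOSTAPD_ACL_REJECT" makes this check fail open: every return value other than REJECT, not only PENDING, now lets the association continue past this point. If the intent is just to let PENDING through for MAC-based auth, consider keeping the deny-by-default shape and disconnecting unless the result is ACCEPT or PENDING, so that any other or future result code is still refused. It would also help to extend the comment above the condition to say where a PENDING result that later resolves to a reject gets the station disconnected, since nothing in this hunk shows that path.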
