[PATCH] Ignore RSNX IE if the scan result does not contain one.
Johannes Berg
johannes at sipsolutions.net
Mon Dec 15 00:23:37 PST 2025
On Sat, 2025-12-13 at 18:42 +0200, Jouni Malinen wrote:
> On Sat, Jul 19, 2025 at 11:49:33PM +0300, Stefan Dösinger wrote:
> > This fixes a regression introduced in wpa_supplicant 2.10 that prevents
> > ipw2x00 cards from connecting to mixed WPA2/3 networks.
> >
> > The driver does not handle WLAN_EID_RSNX elements (see libipw_rx.c,
> > libipw_parse_info_param), but my WPA2/3 mixed mode AP operated by
> > hostapd on OpenWRT sends it in EAPOL, which is handled by wpa_supplicant
> > without driver involvement.
>
> This would open security vulnerabilities and as such, is not really
> acceptable in this form. This should be fixed in the driver. If a driver
> that does not support RSNXE at all cannot be fixed but is still in wide
> use, this type of workaround could be justified if a driver capability
> indication were added to explicitly note that the driver has this type
> of condition. Without such constraint, I don't think wpa_supplicant
> should skip this type of a mandatory security validation item.
Agree. As for ipw, I'm not sure why that function matters, it just has
to report to wpa_s? Pretty sure the driver could, relatively easily, be
fixed.
johannes
More information about the Hostap
mailing list