| Message ID | 20230410180049.180133-1-prestwoj@gmail.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers | show |
| Series | eapol: relax (but warn) on secure bit check in handshake 1/4 | expand |
Hi James, On 4/10/23 13:00, James Prestwood wrote: > Hostapd commit bc36991791 now properly sets the secure bit on > message 1/4. This was addressed in an earlier IWD commit but > neglected to allow for backwards compatibility. The check is > fatal which now breaks earlier hostapd version (older than 2.10). > > Instead warn on this condition rather than reject the rekey. > > Fixes: 7fad6590bd ("eapol: allow 'secure' to be set on rekeys") > --- > src/eapol.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) Applied, thanks. Regards, -Denis
diff --git a/src/eapol.c b/src/eapol.c index 3d7d33e0..9471d13e 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -478,8 +478,7 @@ bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek, size_t mic_len, if (ek->key_mic) return false; - if (ek->secure != ptk_complete) - return false; + L_WARN_ON(ek->secure != ptk_complete); if (ek->encrypted_key_data) return false;
Hostapd commit bc36991791 now properly sets the secure bit on message 1/4. This was addressed in an earlier IWD commit but neglected to allow for backwards compatibility. The check is fatal which now breaks earlier hostapd version (older than 2.10). Instead warn on this condition rather than reject the rekey. Fixes: 7fad6590bd ("eapol: allow 'secure' to be set on rekeys") --- src/eapol.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)