Merge branch 'bugfix/owe_assoc_resp_fail_v5.1' into 'master'

Fix association response processing in OWE See merge request espressif/esp-idf!23099
espressif · Apr 7, 2023 · 420ebd2 · 420ebd2
2 parents 796250c + c046ddd
commit 420ebd2
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -53,7 +53,7 @@
 struct wpa_sm gWpaSm;
 /* fix buf for tx for now */
 #define WPA_TX_MSG_BUFF_MAXLEN 200
-#define MIN_DH_LEN 4
+#define MIN_DH_LEN(len) (len < 4)
 
 #define ASSOC_IE_LEN 24 + 2 + PMKID_LEN + RSN_SELECTOR_LEN
 #define MAX_EAPOL_RETRIES 3
@@ -2833,12 +2833,20 @@ int owe_process_assoc_resp(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_i
     if (rsn_ie && rsn_len && wpa_parse_wpa_ie_rsn(rsn_ie, rsn_len + 2, parsed_rsn_data) != 0) {
         goto fail;
     }
-    if (!dh_ie || dh_len < MIN_DH_LEN || parsed_rsn_data->num_pmkid == 0) {
-        wpa_printf(MSG_ERROR, "OWE: Invalid parameter");
+
+    if (dh_ie && MIN_DH_LEN(dh_len)) {
+        wpa_printf(MSG_ERROR, "OWE: Invalid Diffie Hellman IE");
+        goto fail;
+    }
+    if (!dh_ie && parsed_rsn_data->num_pmkid == 0) {
+        wpa_printf(MSG_ERROR, "OWE: Assoc response should either have pmkid or DH IE");
         goto fail;
     }
 
     if (!sm->cur_pmksa) { /* No PMK caching */
+        if (dh_ie == NULL) {
+            goto fail;
+        }
         dh_len += 2;
 
         dh_ie += 3;