SAE H2E: Fix validation of rejected groups list

check_sae_rejected_groups() returns 1, not -1, in case an enabled group is rejected. The previous check for < 0 could not have ever triggered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2024-11-25 00:38:24 -05:00 · 2019-12-07 00:28:13 +02:00 · 2019-12-07 00:28:13 +02:00 · c88e01e1b6
commit c88e01e1b6
parent b834e97003
2 changed files with 2 additions and 2 deletions
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@ -1280,7 +1280,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,

 		if (sta->sae->tmp &&
 		    check_sae_rejected_groups(
-			    hapd, sta->sae->tmp->peer_rejected_groups) < 0) {
+			    hapd, sta->sae->tmp->peer_rejected_groups)) {
 			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 			goto remove_sta;
 		}
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@ -1263,7 +1263,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 		if (wpa_s->sme.sae.tmp &&
 		    sme_check_sae_rejected_groups(
 			    wpa_s,
-			    wpa_s->sme.sae.tmp->peer_rejected_groups) < 0)
+			    wpa_s->sme.sae.tmp->peer_rejected_groups))
 			return -1;

 		if (sae_process_commit(&wpa_s->sme.sae) < 0) {