From 59f67b2010d30049c71e578b93043fb457eecee5 Mon Sep 17 00:00:00 2001
From: Rany Hany <rany_hany@riseup.net>
Date: Fri, 5 Jan 2024 19:01:40 +0200
Subject: [PATCH] hostapd: fail R0KH and R1KH derivation when wpa_psk_file is
 used

When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.

Signed-off-by: Rany Hany <rany_hany@riseup.net>
---
 package/network/services/hostapd/files/hostapd.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index ca95fcf70f..1a664abbf2 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -943,6 +943,10 @@ hostapd_set_bss_options() {
 				set_default pmk_r1_push 0
 
 				[ -n "$r0kh" -a -n "$r1kh" ] || {
+					if [ -z "$auth_secret" -a -z "$key" ]; then
+						wireless_setup_vif_failed FT_KEY_CANT_BE_DERIVED
+						return 1
+					fi
 					ft_key=`echo -n "$mobility_domain/${auth_secret:-${key}}" | md5sum | awk '{print $1}'`
 
 					set_default r0kh "ff:ff:ff:ff:ff:ff,*,$ft_key"
-- 
2.30.2