Problem Description:
When hostapd is used to operate an access point with SAE
(Simultaneous Authentication of Equals; also known as WPA3-Personal),
an invalid authentication sequence could result in the hostapd process
terminating due to a NULL pointer dereference when processing SAE
confirm message. This was caused by missing state validation steps
when processing the SAE confirm message in hostapd/AP mode.
See
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
for a detailed description of the bug.
Impact:
All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).