diff options
authorJouni Malinen <j@w1.fi>2010-05-01 14:35:28 (GMT)
committerJouni Malinen <j@w1.fi>2010-10-04 06:35:08 (GMT)
commit1ab0b31aa626b6cb330628e7a281c5771dd5b851 (patch)
parentfb91cf5b56b43344bb6dfe208c458f2ffb253377 (diff)
Fix fallback from failed PMKSA caching into full EAP authentication
Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced disconnection in case of 4-way handshake failures. However, it should not have changed the case where the supplicant is requesting fallback to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is not know. This case needs to send an EAPOL-Start frame instead of EAPOL-Key message 2/4. This works around a problem with APs that try to force PMKSA caching even when the client does not include PMKID in (re)association request frame to request it. [Bug 355] (cherry picked from commit b4a1256d3660a2b5239062a9b42de79b8a34286a) (cherry picked from commit a5277ad2a182e0264715533c11ed9a90296298e4)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e611fc5..67fdb3f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -285,6 +285,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
buf, buflen);
+ return -2;
return -1;
@@ -380,6 +381,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
struct wpa_eapol_ie_parse ie;
struct wpa_ptk *ptk;
u8 buf[8];
+ int res;
if (wpa_sm_get_network_ctx(sm) == NULL) {
wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
@@ -407,7 +409,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
#endif /* CONFIG_NO_WPA2 */
- if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
+ res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
+ if (res == -2) {
+ wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - "
+ "requesting full EAP authentication");
+ return;
+ }
+ if (res)
goto failed;
if (sm->renew_snonce) {