aboutsummaryrefslogtreecommitdiffstats
path: root/src/eapol_supp
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-11-19 19:01:45 (GMT)
committerJouni Malinen <j@w1.fi>2015-11-19 19:16:18 (GMT)
commit25eb7fcbb41c2175b9c558abdfc6261649eecc56 (patch)
tree22142cb8c941172b848111583bbd2f8004690e08 /src/eapol_supp
parentf68d491b0a25b6fc69be24b593975fbd0fe8bac9 (diff)
downloadhostap-25eb7fcbb41c2175b9c558abdfc6261649eecc56.zip
hostap-25eb7fcbb41c2175b9c558abdfc6261649eecc56.tar.gz
hostap-25eb7fcbb41c2175b9c558abdfc6261649eecc56.tar.bz2
Fix EAPOL reauth after FT protocol or offloaded PMKSA cache use
The EAP peer state machine moved from IDLE to FAILURE state when the EAPOL Authenticator triggered reauthentication with an EAP-Request/Identity in a case where the associated started with FT protocol or offloaded PMKSA cache use (4-way handshake using a previously acquired PMK). This happened due to the altSuccess=TRUE setting being left behind and not cleared when processing the restart of authentication. Fix this by clearing altAccept and eapSuccess when going through SUPP_PAE RESTART state. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/eapol_supp')
-rw-r--r--src/eapol_supp/eapol_supp_sm.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 09cf4f6..65460fc 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -314,6 +314,16 @@ SM_STATE(SUPP_PAE, RESTART)
{
SM_ENTRY(SUPP_PAE, RESTART);
sm->eapRestart = TRUE;
+ if (sm->altAccept) {
+ /*
+ * Prevent EAP peer state machine from failing due to prior
+ * external EAP success notification (altSuccess=TRUE in the
+ * IDLE state could result in a transition to the FAILURE state.
+ */
+ wpa_printf(MSG_DEBUG, "EAPOL: Clearing prior altAccept TRUE");
+ sm->eapSuccess = FALSE;
+ sm->altAccept = FALSE;
+ }
}