aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-08-28 13:32:14 (GMT)
committerJouni Malinen <j@w1.fi>2015-08-28 13:32:14 (GMT)
commit43f49c3788fc6cdc6d4f96c7d9c9c2b4ff10f297 (patch)
tree96969ef9511f59f5cd13d049d2338153e3324b9b /src
parentdee202024370ff6b5a937322b090680f611c36aa (diff)
downloadhostap-43f49c3788fc6cdc6d4f96c7d9c9c2b4ff10f297.zip
hostap-43f49c3788fc6cdc6d4f96c7d9c9c2b4ff10f297.tar.gz
hostap-43f49c3788fc6cdc6d4f96c7d9c9c2b4ff10f297.tar.bz2
EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case
It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from wpa_sm_step() iteration in the case the EAPOL authenticator state machine ended up requesting the station to be disconnected. This resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by using the already running call to process the state change. It was possible to hit this sequence in the hwsim test case ap_wpa2_eap_eke_server_oom. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r--src/ap/wpa_auth.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4fead13..5ebfe5e 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1759,6 +1759,14 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
wpa_remove_ptk(sm);
}
+ if (sm->in_step_loop) {
+ /*
+ * wpa_sm_step() is already running - avoid recursive call to
+ * it by making the existing loop process the new update.
+ */
+ sm->changed = TRUE;
+ return 0;
+ }
return wpa_sm_step(sm);
}