authorJouni Malinen <jouni@qca.qualcomm.com>2015-08-28 13:30:06 (GMT)
committerJouni Malinen <j@w1.fi>2015-08-28 13:30:06 (GMT)
commitdee202024370ff6b5a937322b090680f611c36aa (patch)
tree94331cf1a176fd21d9d4b2174b5b032fe4e05246 /src/eapol_auth/eapol_auth_sm.c
parentf429ec443f4166c747fbf31944f05b51fffbc735 (diff)
EAPOL auth: clear keyRun in AUTH_PAE INITIALIZE
Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but it looks like this would be the logical thing to do here since the EAPOL-Key exchange is not possible in this state. It is possible to get here on a disconnection event without advancing to the AUTHENTICATING state to clear keyRun before the IEEE 802.11 RSN authenticator state machine runs, and that may advance from AUTHENTICATION2 to INITPMK if keyRun = TRUE has been left over from the last association. This can be avoided by clearing keyRun here. It was possible to hit this corner case in the hwsim test case ap_wpa2_eap_eke_server_oom in the case where the getKey operation was forced to fail memory allocation. The following association resulted in the station getting disconnected when entering INITPMK without going through EAP authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/eapol_auth/eapol_auth_sm.c')
-rw-r--r--src/eapol_auth/eapol_auth_sm.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index f9f91ad..ff33d28 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -198,6 +198,18 @@ SM_STATE(AUTH_PAE, INITIALIZE)
{
SM_ENTRY_MA(AUTH_PAE, INITIALIZE, auth_pae);
sm->portMode = Auto;
+
+ /*
+ * Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but
+ * it looks like this would be logical thing to do here since the
+ * EAPOL-Key exchange is not possible in this state. It is possible to
+ * get here on disconnection event without advancing to the
+ * AUTHENTICATING state to clear keyRun before the IEEE 802.11 RSN
+ * authenticator state machine runs and that may advance from
+ * AUTHENTICATION2 to INITPMK if keyRun = TRUE has been left from the
+ * last association. This can be avoided by clearing keyRun here.
+ */
+ sm->keyRun = FALSE;
}