From 50b77f50e80fc1e40bf9aa5682a006fa8d278090 Mon Sep 17 00:00:00 2001
From: Srinivas Dasari <dasaris@codeaurora.org>
Date: Wed, 5 Sep 2018 20:26:29 +0530
Subject: [PATCH] DPP: Flush PMKSA if an assoc reject without timeout is
 received

Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.

This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 wpa_supplicant/events.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4cdca3491..349f81997 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3969,6 +3969,16 @@ static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
 	}
 #endif /* CONFIG_SAE */
 
+#ifdef CONFIG_DPP
+	if (wpa_s->current_ssid &&
+	    wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
+	    !data->assoc_reject.timed_out) {
+		wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
+		wpa_sm_aborted_cached(wpa_s->wpa);
+		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
+	}
+#endif /* CONFIG_DPP */
+
 #ifdef CONFIG_FILS
 	/* Update ERP next sequence number */
 	if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {