From 8d7aa7565bac828b2c6d40b639333d22e6b6c7be Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 19 Jul 2015 16:29:29 +0300
Subject: [PATCH] EAP server: Force FAILURE if EAP method buildReq fails

Previously, this resulted in unnecessary wait and retransmission of the
previous EAP-Request. Change that to trigger immediate transmission of
EAP-Failure and disconnection since the EAP method cannot really recover
from this state.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_server/eap_server.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index d561ad960..b235a0fba 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -1247,6 +1247,17 @@ SM_STEP(EAP)
 			break;
 		}
 		SM_ENTER(EAP, SEND_REQUEST);
+		if (sm->eap_if.eapNoReq && !sm->eap_if.eapReq) {
+			/*
+			 * This transition is not mentioned in RFC 4137, but it
+			 * is needed to handle cleanly a case where EAP method
+			 * buildReq fails.
+			 */
+			wpa_printf(MSG_DEBUG,
+				   "EAP: Method did not return a request");
+			SM_ENTER(EAP, FAILURE);
+			break;
+		}
 		break;
 	case EAP_METHOD_RESPONSE:
 		/*