Drop EAP packet with code 10 before EAPOL state machine processing

H3C WA2620i-AGN AP may send an EAP packet with an undefined EAP code
10 after successful EAP authentication which restarts the EAPOL
state machine. Drop such frames with this unrecognized code without
advancing the EAPOL supplicant or EAP peer state machines to avoid
interoperability issues with the AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Sunil Dutt 2013-09-15 11:29:25 -07:00 committed by Jouni Malinen
parent 3cc247a78f
commit aa78cd338f

View file

@ -1257,6 +1257,24 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
switch (hdr->type) {
case IEEE802_1X_TYPE_EAP_PACKET:
if (sm->conf.workaround) {
/*
* An AP has been reported to send out EAP message with
* undocumented code 10 at some point near the
* completion of EAP authentication. This can result in
* issues with the unexpected EAP message triggering
* restart of EAPOL authentication. Avoid this by
* skipping the message without advancing the state
* machine.
*/
const struct eap_hdr *ehdr =
(const struct eap_hdr *) (hdr + 1);
if (plen >= sizeof(*ehdr) && ehdr->code == 10) {
wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet with unknown code 10");
break;
}
}
if (sm->cached_pmk) {
/* Trying to use PMKSA caching, but Authenticator did
* not seem to have a matching entry. Need to restart