Drop EAP packet with code 10 before EAPOL state machine processing
H3C WA2620i-AGN AP may send an EAP packet with an undefined EAP code 10 after successful EAP authentication which restarts the EAPOL state machine. Drop such frames with this unrecognized code without advancing the EAPOL supplicant or EAP peer state machines to avoid interoperability issues with the AP. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
3cc247a78f
commit
aa78cd338f
1 changed files with 18 additions and 0 deletions
|
@ -1257,6 +1257,24 @@ int eapol_sm_rx_eapol(struct eapol_sm *sm, const u8 *src, const u8 *buf,
|
|||
|
||||
switch (hdr->type) {
|
||||
case IEEE802_1X_TYPE_EAP_PACKET:
|
||||
if (sm->conf.workaround) {
|
||||
/*
|
||||
* An AP has been reported to send out EAP message with
|
||||
* undocumented code 10 at some point near the
|
||||
* completion of EAP authentication. This can result in
|
||||
* issues with the unexpected EAP message triggering
|
||||
* restart of EAPOL authentication. Avoid this by
|
||||
* skipping the message without advancing the state
|
||||
* machine.
|
||||
*/
|
||||
const struct eap_hdr *ehdr =
|
||||
(const struct eap_hdr *) (hdr + 1);
|
||||
if (plen >= sizeof(*ehdr) && ehdr->code == 10) {
|
||||
wpa_printf(MSG_DEBUG, "EAPOL: Ignore EAP packet with unknown code 10");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (sm->cached_pmk) {
|
||||
/* Trying to use PMKSA caching, but Authenticator did
|
||||
* not seem to have a matching entry. Need to restart
|
||||
|
|
Loading…
Reference in a new issue