SAE: Flush PMKSA if an assoc reject without timeout is received

Flush the PMKSA upon receiving association reject event without timeout in the event data in SME-in-driver case to avoid trying to use the old PMKSA entry in subsequent connection attempts. Do not flush PMKSA if association reject is received with timeout as it is generated internally from the driver without reaching the AP. This is similar to the SME-in-wpa_supplicant case that was already addressed within sme_event_assoc_reject(). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-10 15:43:28 +05:30 · 2018-05-10 15:43:28 +05:30 · d109aa6cac
parent 46053a4c93
commit d109aa6cac
1 changed files with 12 additions and 0 deletions
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@ -4116,6 +4116,18 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
 		else {
 			const u8 *bssid = data->assoc_reject.bssid;

+#ifdef CONFIG_SAE
+		if (wpa_s->current_ssid &&
+		    wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt) &&
+		    !data->assoc_reject.timed_out) {
+			wpa_dbg(wpa_s, MSG_DEBUG,
+				"SAE: Drop PMKSA cache entry");
+			wpa_sm_aborted_cached(wpa_s->wpa);
+			wpa_sm_pmksa_cache_flush(wpa_s->wpa,
+						 wpa_s->current_ssid);
+		}
+#endif /* CONFIG_SAE */
+
 #ifdef CONFIG_FILS
 			/* Update ERP next sequence number */
 			if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS)