EAPOL auth: clear keyRun in AUTH_PAE INITIALIZE
Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but it looks like this would be logical thing to do here since the EAPOL-Key exchange is not possible in this state. It is possible to get here on disconnection event without advancing to the AUTHENTICATING state to clear keyRun before the IEEE 802.11 RSN authenticator state machine runs and that may advance from AUTHENTICATION2 to INITPMK if keyRun = TRUE has been left from the last association. This can be avoided by clearing keyRun here. It was possible to hit this corner case in the hwsim test case ap_wpa2_eap_eke_server_oom in the case getKey operation was forced to fail memory allocation. The following association resulted in the station getting disconnected when entering INITPMK without going through EAP authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
f429ec443f
commit
dee2020243
1 changed files with 12 additions and 0 deletions
|
@ -198,6 +198,18 @@ SM_STATE(AUTH_PAE, INITIALIZE)
|
|||
{
|
||||
SM_ENTRY_MA(AUTH_PAE, INITIALIZE, auth_pae);
|
||||
sm->portMode = Auto;
|
||||
|
||||
/*
|
||||
* Clearing keyRun here is not specified in IEEE Std 802.1X-2004, but
|
||||
* it looks like this would be logical thing to do here since the
|
||||
* EAPOL-Key exchange is not possible in this state. It is possible to
|
||||
* get here on disconnection event without advancing to the
|
||||
* AUTHENTICATING state to clear keyRun before the IEEE 802.11 RSN
|
||||
* authenticator state machine runs and that may advance from
|
||||
* AUTHENTICATION2 to INITPMK if keyRun = TRUE has been left from the
|
||||
* last association. This can be avoided by clearing keyRun here.
|
||||
*/
|
||||
sm->keyRun = FALSE;
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue