PMF: Do not start SA Query procedure if there is no association
Previous implementation ended up triggering PMF check for previous
association and SA Query procedure incorrectly in cases where there is a
STA entry in hostapd, but that STA is not in associated state. This
resulted in undesired temporary rejection of the association with status
code 30.
This ended up breaking OWE group negotiation when PMF is in use since
the check for the OWE group would have happened only after this earlier
PMF check and rejection (i.e., the station got status code 30 instead of
the expected 77).
For example, when the AP is configured with OWE group 21 and a station
tries groups 19, 20, and 21 (in this sequence), the first two
Association Request frames should be rejected with status code 77.
However, only the first one got that status code while the second one
got status code 30 due to that issue with PMF existing association
check.
Furthermore, hostapd was continuing with SA Query procedure with
unencrypted Action frames in this type of case even though there was no
existing association (and obviously, not an encryption key either).
Fix this by checking that the STA entry is in associated state before
initiating SA Query procedure based on the PMF rules.
projects / thirdparty / hostap.git / commit
