DPP: Flush PMKSA if an assoc reject without timeout is received

Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.

This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4cdca349118cd64bd0e6a5fe7f930c45dbc3f894..349f819975a5890dbb3706923698a257b2e8a201 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3969,6 +3969,16 @@ static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
        }
 #endif /* CONFIG_SAE */
 
+#ifdef CONFIG_DPP
+       if (wpa_s->current_ssid &&
+           wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
+           !data->assoc_reject.timed_out) {
+               wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
+               wpa_sm_aborted_cached(wpa_s->wpa);
+               wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
+       }
+#endif /* CONFIG_DPP */
+
 #ifdef CONFIG_FILS
        /* Update ERP next sequence number */
        if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {