Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop

If the first entry in the PMKSA cache did not match the station's MAC
address, an infinite loop could be reached in pmksa_cache_get_okc() when
trying to find a PMKSA cache entry for opportunistic key caching cases.
This would only happen if OKC is enabled (okc=1 included in the
configuration file).

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
index 4720b59c05b0414a20e08a527a4959de5c30f740..a7a292eaada52be8819b27f678f37494d6b75aad 100644 (file)
--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
@@ -394,15 +394,13 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
        struct rsn_pmksa_cache_entry *entry;
        u8 new_pmkid[PMKID_LEN];
 
-       entry = pmksa->pmksa;
-       while (entry) {
+       for (entry = pmksa->pmksa; entry; entry = entry->next) {
                if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
                        continue;
                rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
                          wpa_key_mgmt_sha256(entry->akmp));
                if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
                        return entry;
-               entry = entry->next;
        }
        return NULL;
 }