From: Srinivas Dasari <dasaris@codeaurora.org>
Date: Wed, 5 Sep 2018 14:56:29 +0000 (+0530)
Subject: DPP: Flush PMKSA if an assoc reject without timeout is received
X-Git-Tag: hostap_2_7~174
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=50b77f50e80fc1e40bf9aa5682a006fa8d278090;p=thirdparty%2Fhostap.git

DPP: Flush PMKSA if an assoc reject without timeout is received

Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.

This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 4cdca3491..349f81997 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3969,6 +3969,16 @@ static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
 	}
 #endif /* CONFIG_SAE */
 
+#ifdef CONFIG_DPP
+	if (wpa_s->current_ssid &&
+	    wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
+	    !data->assoc_reject.timed_out) {
+		wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
+		wpa_sm_aborted_cached(wpa_s->wpa);
+		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
+	}
+#endif /* CONFIG_DPP */
+
 #ifdef CONFIG_FILS
 	/* Update ERP next sequence number */
 	if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {