Discard EAPOL-Key Request frames during 4-way handshake

While the Authenticator state machine conditions are already checking
for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any
EAPOL-Key Request frame that is received unexpectedly during a 4-way
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index cc2f1393d0df19953e2fd8b8c5e86f66ef2f49f9..b07f1364712ef0d811920932a427d0d4a4f772e2 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1437,6 +1437,16 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
                }
                break;
        case REQUEST:
+               if (sm->wpa_ptk_state == WPA_PTK_PTKSTART ||
+                   sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING ||
+                   sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING2 ||
+                   sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
+                       wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
+                                        LOGGER_INFO,
+                                        "received EAPOL-Key Request in invalid state (%d) - dropped",
+                                        sm->wpa_ptk_state);
+                       goto out;
+               }
                break;
        }