P2P: Clear PEER_WAITING_RESPONSE on GO Negotiation success

Previously, this flag was cleared only in case of failed GO Negotiation.
That could leave the flag set for a peer and if a new group formation
was performed with the same peer before the entry expired, there was
increased risk of getting stuck in a state where neither peer replied to
a GO Negotiation Request frame if a GO Negotiation Response frame with
Status 1 was dropped.

The error sequence could happen in the go_neg_with_bss_connected test
case when timing was suitable to make the second GO negotiation drop a
pending TX Action frame if the GO Negotiation Response with Status 1 was
scheduled for transmission during a P2P scan and P2P_CONNECT was issued
before that scan got aborted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index cd2fba334680c5dc8ee97b5db6f934152d9cbd29..170e4778a2b31ed7e6d9c1ea50e122c094071403 100644 (file)
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -1833,6 +1833,7 @@ void p2p_go_complete(struct p2p_data *p2p, struct p2p_device *peer)
        p2p_clear_timeout(p2p);
        p2p->ssid_set = 0;
        peer->go_neg_req_sent = 0;
+       peer->flags &= ~P2P_DEV_PEER_WAITING_RESPONSE;
        peer->wps_method = WPS_NOT_READY;
        peer->oob_pw_id = 0;
        wpabuf_free(peer->go_neg_conf);