Skip GTK rekeying request if rekeying already in process

Do not start yet another rekeying of GTK when receiving an EAPOL-Key
request frame at the point when the GTK is already being rekeyed. This
fixes issues where the AP might end up configuring a different GTK than
the one it sends to the associated stations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 59cd46aa4601b8274af5ec0d2b70176c3bd33d15..6c4b737c851cfd6686e9accbbf56fb94aa85ff47 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1001,6 +1001,18 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 }
 
 
+static bool wpa_auth_gtk_rekey_in_process(struct wpa_authenticator *wpa_auth)
+{
+       struct wpa_group *group;
+
+       for (group = wpa_auth->group; group; group = group->next) {
+               if (group->GKeyDoneStations)
+                       return true;
+       }
+       return false;
+}
+
+
 void wpa_receive(struct wpa_authenticator *wpa_auth,
                 struct wpa_state_machine *sm,
                 u8 *data, size_t data_len)
@@ -1368,7 +1380,11 @@ continue_processing:
                        wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
                                        "received EAPOL-Key Request for GTK rekeying");
                        eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
-                       wpa_rekey_gtk(wpa_auth, NULL);
+                       if (wpa_auth_gtk_rekey_in_process(wpa_auth))
+                               wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG,
+                                               "skip new GTK rekey - already in process");
+                       else
+                               wpa_rekey_gtk(wpa_auth, NULL);
                }
        } else {
                /* Do not allow the same key replay counter to be reused. */