It was possible for interworking_find_network_match() to find a possible
BSS match in a case where more thorough checks in
wpa_supplicant_select_bss() reject network. This itself is fine, in
general, but when combined with wpa_supplicant_fast_associate()
optimization and auto_interworking=1, this resulted in a busy loop of up
to five seconds and a possible stack overflow due to recursion in that
loop.
Fix this by limiting the Interworking wpa_supplicant_fast_associate()
call to be used only once per scan iteration, so that new scan
operations can be completed before going through the scan results again.
Signed-off-by: Jouni Malinen <j@w1.fi>
static void interworking_reconnect(struct wpa_supplicant *wpa_s)
{
+ unsigned int tried;
+
if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
wpa_supplicant_cancel_sched_scan(wpa_s);
wpa_supplicant_deauthenticate(wpa_s,
}
wpa_s->disconnected = 0;
wpa_s->reassociate = 1;
+ tried = wpa_s->interworking_fast_assoc_tried;
+ wpa_s->interworking_fast_assoc_tried = 1;
- if (wpa_supplicant_fast_associate(wpa_s) >= 0)
+ if (!tried && wpa_supplicant_fast_associate(wpa_s) >= 0)
return;
+ wpa_s->interworking_fast_assoc_tried = 0;
wpa_supplicant_req_scan(wpa_s, 0, 0);
}
wpa_supplicant_req_scan(wpa_s, 1, 0);
} else {
wpa_s->scan_for_connection = 0;
+#ifdef CONFIG_INTERWORKING
+ wpa_s->interworking_fast_assoc_tried = 0;
+#endif /* CONFIG_INTERWORKING */
}
}
unsigned int network_select:1;
unsigned int auto_select:1;
unsigned int auto_network_select:1;
+ unsigned int interworking_fast_assoc_tried:1;
unsigned int fetch_all_anqp:1;
unsigned int fetch_osu_info:1;
unsigned int fetch_osu_waiting_scan:1;
projects / thirdparty / hostap.git / commitdiff
