SAE: Clear rejected groups list on completing authentication

The rejected groups list is valid only during each individual SAE
authentication instance and it should not be maintained between separate
instances. In particular, it should not be maintained when roaming to
another AP since the APs might use different configuration for the
allowed SAE groups.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 0700ae61db6f89296ec6c7e3d1379b8f25eb20bc..013c2453b445e7ce29df9a1babd95ae4cc91c653 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1873,6 +1873,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 
                wpa_s->sme.sae.state = SAE_ACCEPTED;
                sae_clear_temp_data(&wpa_s->sme.sae);
+               wpa_s_clear_sae_rejected(wpa_s);
 
                if (external) {
                        /* Report success to driver */