Do not prevent Michael MIC error report based on disallowed PTK0 rekey

EAPOL-Key Request frame with Error=1 is not really a request for a new
key, so allow that frame to be sent even if PTK0 rekey is not allowed
since the supplicant is required to report Michael MIC errors to the
authenticator.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 56352af512560baf0e791aeca74fa0e754657cdf..03d99f5023c3516ffb9b4e141dc3dbed84ff5f18 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -186,7 +186,7 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
        u8 bssid[ETH_ALEN], *rbuf, *key_mic, *mic;
 
        if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
-           wpa_sm_get_state(sm) == WPA_COMPLETED) {
+           wpa_sm_get_state(sm) == WPA_COMPLETED && !error) {
                wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
                        "WPA: PTK0 rekey not allowed, reconnecting");
                wpa_sm_reconnect(sm);