Fix EAPOL processing when STA switches between multi-BSSes

There was an issue with EAPOL frame exchanges in a multi-BSS
configuration when a station switches between the BSSes controlled by
the same hostapd process. When processing the EAPOL packet, the array of
virtual APs (iface->bss) is searched looking for the station that sent
the packet in order to identify which signal context should be used
during processing. The first match of the station in its list gets used
in the ieee802_1x_receive() function. However, even after a station has
disassociated, it remains in the list of stations pending an inactivity
timeout. This leads to the wrong hapd context (one where the station had
already disassociated) being used in some cases (if the current/active
bss entry appears in the list after one where the station has just
disassociated from) for EAPOL processing.

Fix this by checking the WLAN_STA_ASSOC flag before assuming the right
hapd context was found for the given station.

Signed-hostap: David Bird <dbird@powercloudsystems.com>
intended-for: hostap-1

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 23fa241acd333ac80a57639536fd1f57ca17a1af..5517294f07045f76204bf722465924f3d54a22fb 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -672,12 +672,15 @@ static void hostapd_event_eapol_rx(struct hostapd_data *hapd, const u8 *src,
                                   const u8 *data, size_t data_len)
 {
        struct hostapd_iface *iface = hapd->iface;
+       struct sta_info *sta;
        size_t j;
 
        for (j = 0; j < iface->num_bss; j++) {
-               if (ap_get_sta(iface->bss[j], src)) {
-                       hapd = iface->bss[j];
-                       break;
+               if ((sta = ap_get_sta(iface->bss[j], src))) {
+                       if (sta->flags & WLAN_STA_ASSOC) {
+                               hapd = iface->bss[j];
+                               break;
+                       }
                }
        }