From: Jouni Malinen <j@w1.fi>
Date: Sun, 28 Jan 2024 16:32:03 +0000 (+0200)
Subject: Discard EAPOL-Key Request frames during 4-way handshake
X-Git-Tag: hostap_2_11~402
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09679408850ad1fa9eba6a979421b44b9544ecf4;p=thirdparty%2Fhostap.git

Discard EAPOL-Key Request frames during 4-way handshake

While the Authenticator state machine conditions are already checking
for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any
EAPOL-Key Request frame that is received unexpectedly during a 4-way
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index cc2f1393d..b07f13647 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1437,6 +1437,16 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 		}
 		break;
 	case REQUEST:
+		if (sm->wpa_ptk_state == WPA_PTK_PTKSTART ||
+		    sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING ||
+		    sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING2 ||
+		    sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
+			wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
+					 LOGGER_INFO,
+					 "received EAPOL-Key Request in invalid state (%d) - dropped",
+					 sm->wpa_ptk_state);
+			goto out;
+		}
 		break;
 	}