From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 6 Mar 2015 16:40:28 +0000 (+0200)
Subject: Clear RSN timers for preauth and PTK rekeying on disassociation
X-Git-Tag: hostap_2_4~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac8e074ec14583a7265fe711cb369b8dad1f099d;p=thirdparty%2Fhostap.git

Clear RSN timers for preauth and PTK rekeying on disassociation

Previously, it was possible for the wpa_sm_start_preauth() and
wpa_sm_rekey_ptk() eloop callbacks to remain active after disconnection
and potentially continue to be used for the next association. This is
not correct behavior, so explicitly cancel these timeouts to avoid
unexpected attempts to complete RSN preauthentication or to request PTK
to be rekeyed.

It was possible to trigger this issue, e.g., by running the following
hwsim test case sequence: ap_wpa2_ptk_rekey ap_ft_sae_over_ds

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index b892a66da..37e4b3561 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2282,6 +2282,8 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
  */
 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 {
+	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
+	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
 	peerkey_deinit(sm);
 	rsn_preauth_deinit(sm);
 	pmksa_cache_clear_current(sm);