From: Jouni Malinen <j@w1.fi>
Date: Sun, 7 Jul 2024 09:11:06 +0000 (+0300)
Subject: SAE: Clear rejected groups list on completing authentication
X-Git-Tag: hostap_2_11~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d944ef1c01863cb743c29b9f4e93e87ab2c97f96;p=thirdparty%2Fhostap.git

SAE: Clear rejected groups list on completing authentication

The rejected groups list is valid only during each individual SAE
authentication instance and it should not be maintained between separate
instances. In particular, it should not be maintained when roaming to
another AP since the APs might use different configuration for the
allowed SAE groups.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 0700ae61d..013c2453b 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1873,6 +1873,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
 
 		wpa_s->sme.sae.state = SAE_ACCEPTED;
 		sae_clear_temp_data(&wpa_s->sme.sae);
+		wpa_s_clear_sae_rejected(wpa_s);
 
 		if (external) {
 			/* Report success to driver */