From: Jouni Malinen <j@w1.fi>
Date: Sat, 7 May 2022 08:14:50 +0000 (+0300)
Subject: Do not prevent Michael MIC error report based on disallowed PTK0 rekey
X-Git-Tag: hostap_2_11~1936
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6c0e12158bd67782d9d1d6abef83df86531eec8;p=thirdparty%2Fhostap.git

Do not prevent Michael MIC error report based on disallowed PTK0 rekey

EAPOL-Key Request frame with Error=1 is not really a request for a new
key, so allow that frame to be sent even if PTK0 rekey is not allowed
since the supplicant is required to report Michael MIC errors to the
authenticator.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 56352af51..03d99f502 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -186,7 +186,7 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
 	u8 bssid[ETH_ALEN], *rbuf, *key_mic, *mic;
 
 	if (pairwise && sm->wpa_deny_ptk0_rekey && !sm->use_ext_key_id &&
-	    wpa_sm_get_state(sm) == WPA_COMPLETED) {
+	    wpa_sm_get_state(sm) == WPA_COMPLETED && !error) {
 		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
 			"WPA: PTK0 rekey not allowed, reconnecting");
 		wpa_sm_reconnect(sm);