From 31b4961f02f222a5446988cd9f5f7d63acdd0508 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 10 Apr 2012 21:30:46 +0300 Subject: Fix EAP/WPS to PSK transition on reassociation in authenticator A station may move from EAP/WPS key_mgmt to PSK using re-association. In practice, this can happen most likely with WPS when the station runs through the provisioning step (EAP/WPS) followed by PSK authentication. If a deauthentication event is missed from the station for whatever reason, the EAPOL authenticator state machine could have been left running. This can result in various issues, including unexpected disconnection of the station while both the 4-way handshake and EAPOL authenticator state machines (EAP) are running at the same time when the supplicant is trying to use PSK. Fix this by explicitly clearing EAPOL authenticator state machine on (re)association if the new association does not use it. Signed-hostap: Jouni Malinen intended-for: hostap-1 --- src/ap/ieee802_1x.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/ap/ieee802_1x.c') diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index a329777..8a25242 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -861,12 +861,22 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta) if (!force_1x && !hapd->conf->ieee802_1x) { wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - " "802.1X not enabled or forced for WPS"); + /* + * Clear any possible EAPOL authenticator state to support + * reassociation change from WPS to PSK. + */ + ieee802_1x_free_station(sta); return; } key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm); if (key_mgmt != -1 && wpa_key_mgmt_wpa_psk(key_mgmt)) { wpa_printf(MSG_DEBUG, "IEEE 802.1X: Ignore STA - using PSK"); + /* + * Clear any possible EAPOL authenticator state to support + * reassociation change from WPA-EAP to PSK. + */ + ieee802_1x_free_station(sta); return; } -- cgit v1.1