Discard EAPOL-Key Request frames during 4-way handshake
While the Authenticator state machine conditions are already checking for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any EAPOL-Key Request frame that is received unexpectedly during a 4-way handshake. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
8037c1ad61
commit
0967940885
1 changed files with 10 additions and 0 deletions
|
@ -1437,6 +1437,16 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
|||
}
|
||||
break;
|
||||
case REQUEST:
|
||||
if (sm->wpa_ptk_state == WPA_PTK_PTKSTART ||
|
||||
sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING ||
|
||||
sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING2 ||
|
||||
sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
|
||||
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||
LOGGER_INFO,
|
||||
"received EAPOL-Key Request in invalid state (%d) - dropped",
|
||||
sm->wpa_ptk_state);
|
||||
goto out;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue