Discard EAPOL-Key Request frames during 4-way handshake

While the Authenticator state machine conditions are already checking
for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any
EAPOL-Key Request frame that is received unexpectedly during a 4-way
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2024-01-28 18:32:03 +02:00
parent 8037c1ad61
commit 0967940885

View file

@ -1437,6 +1437,16 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
}
break;
case REQUEST:
if (sm->wpa_ptk_state == WPA_PTK_PTKSTART ||
sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING ||
sm->wpa_ptk_state == WPA_PTK_PTKCALCNEGOTIATING2 ||
sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
LOGGER_INFO,
"received EAPOL-Key Request in invalid state (%d) - dropped",
sm->wpa_ptk_state);
goto out;
}
break;
}