From 43f49c3788fc6cdc6d4f96c7d9c9c2b4ff10f297 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 28 Aug 2015 16:32:14 +0300 Subject: [PATCH] EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from wpa_sm_step() iteration in the case the EAPOL authenticator state machine ended up requesting the station to be disconnected. This resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by using the already running call to process the state change. It was possible to hit this sequence in the hwsim test case ap_wpa2_eap_eke_server_oom. Signed-off-by: Jouni Malinen --- src/ap/wpa_auth.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 4fead13a1..5ebfe5e18 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1759,6 +1759,14 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event) wpa_remove_ptk(sm); } + if (sm->in_step_loop) { + /* + * wpa_sm_step() is already running - avoid recursive call to + * it by making the existing loop process the new update. + */ + sm->changed = TRUE; + return 0; + } return wpa_sm_step(sm); }
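Review bot: The new in_step_loop branch at the tail of wpa_auth_sm_event() returns 0 unconditionally, while the fall-through path returns whatever wpa_sm_step(sm) returns, so a caller that arrives through the nested path gets no result from the deferred processing. Please extend the comment to say that the outcome is reported by the wpa_sm_step() call that is already running, so readers do not assume 0 means the step completed cleanly. The check is also not conditioned on the event: it applies to every event that reaches the end of the function, not only WPA_DEAUTH as the subject line suggests, and the comment or commit message should say so. Finally, the branch is only correct if the running loop re-reads sm->changed after this function returns and if in_step_loop is cleared on every exit from that loop; neither is visible in this hunk, so a short note pointing at where the flag is set and cleared would help review.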