DPP: Flush PMKSA if an assoc reject without timeout is received

Flush the PMKSA upon receiving assoc reject event without timeout
in the event data, to avoid trying the subsequent connections
with the old PMKID. Do not flush PMKSA if assoc reject is
received with timeout as it is generated internally from the
driver without reaching the AP.

This extends commit d109aa6cac ("SAE:
Flush PMKSA if an assoc reject without timeout is received") to handle
also the DPP AKM.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Srinivas Dasari 2018-09-05 20:26:29 +05:30 committed by Jouni Malinen
parent 60377efcc1
commit 50b77f50e8

View file

@ -3969,6 +3969,16 @@ static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
} }
#endif /* CONFIG_SAE */ #endif /* CONFIG_SAE */
#ifdef CONFIG_DPP
if (wpa_s->current_ssid &&
wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
!data->assoc_reject.timed_out) {
wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
wpa_sm_aborted_cached(wpa_s->wpa);
wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
}
#endif /* CONFIG_DPP */
#ifdef CONFIG_FILS #ifdef CONFIG_FILS
/* Update ERP next sequence number */ /* Update ERP next sequence number */
if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) { if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {