AP: Fix infinite loop in WPA state machine when out of random bytes

When the OS is out of random bytes in SM_STATE(WPA_PTK, AUTHENTICATION2)
in ap/wpa_auth.c, hostapd sends the sm to state DISCONNECT without
clearing ReAuthenticationRequest, resulting in an infinite loop.
Clearing sm->ReAuthenticationRequest using gdb fixes the running hostapd
instance for me. Also sm->Disconnect = TRUE should be used instead of
wpa_sta_disconnect() to make sure that the incomplete ANonce does not
get used.

Fix this issue by resetting sm->ReAuthenticationRequest even if the STA
gets disconnected and use sm->Disconnect instead of
wpa_sta_disconnect().

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

src/ap/wpa_auth.c

@@ -1598,6 +1598,7 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
 	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
 
 	wpa_group_ensure_init(sm->wpa_auth, sm->group);
+	sm->ReAuthenticationRequest = FALSE;
 
 	/*
 	 * Definition of ANonce selection in IEEE Std 802.11i-2004 is somewhat
@@ -1611,12 +1612,11 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
 	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
 		wpa_printf(MSG_ERROR, "WPA: Failed to get random data for "
 			   "ANonce.");
-		wpa_sta_disconnect(sm->wpa_auth, sm->addr);
+		sm->Disconnect = TRUE;
 		return;
 	}
 	wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
 		    WPA_NONCE_LEN);
-	sm->ReAuthenticationRequest = FALSE;
 	/* IEEE 802.11i does not clear TimeoutCtr here, but this is more
 	 * logical place than INITIALIZE since AUTHENTICATION2 can be
 	 * re-entered on ReAuthenticationRequest without going through