From a9fed5f5b5503f286c2ed34e5fc637776587bcdb Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 2 Nov 2020 18:46:35 +0200
Subject: [PATCH] Avoid undefined behavior with memcpy PMK/PSK update
When SAE is used, the local pointer pmk may point to sm->PMK. Skip the memcpy operation in such a case since it is not really needed and use of overlapping memory buffers is undefined behavior for memcpy().
Signed-off-by: Jouni Malinen
---
 src/ap/wpa_auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 9d74bfcd7..82a97468d 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3145,7 +3145,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 sm->pending_1_of_4_timeout = 0;
 eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm);
- if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
+ if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) {
 /* PSK may have changed from the previous choice, so update
 * state machine data based on whatever PSK was selected here.
 */
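Review bot: The new `sm->PMK != pmk` term in the `if` condition has no comment, and the existing comment inside the block still describes only the "PSK may have changed" case. Only the commit message records that the check exists to avoid a self-copy. I would extend that comment with something like `Skip when pmk already aliases sm->PMK (SAE): memcpy() on overlapping buffers is undefined.` so a later cleanup does not remove the test as redundant. The body of the `if` lies outside this hunk, so please confirm that anything it does besides the copy, such as a key-length update if there is one, is also safe to skip when the pointers are equal. The equality test covers only exact aliasing, which is sufficient provided `pmk` never points into the middle of `sm->PMK`; the visible lines suggest this but do not prove it.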