eap_proxy: On SIM error flush PMKSAs only for SIM/AKA/AKA' networks

Previously, SIM state change with SIM_STATE_ERROR cleared all PMKSA entries (including non-SIM networks). Limit this to networks which use SIM-based authentication methods to avoid unnecessarily removal of PMKSA entries. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-29 12:21:33 +05:30 · 2016-12-29 12:21:33 +05:30 · c167662d73
commit c167662d73
parent 6c7a7c7996
1 changed files with 29 additions and 1 deletions
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@ -10,6 +10,7 @@
 #include "common.h"
 #include "eapol_supp/eapol_supp_sm.h"
 #include "eap_peer/eap.h"
 #include "rsn_supp/wpa.h"
 #include "eloop.h"
 #include "config.h"
@ -911,6 +912,33 @@ static void wpa_supplicant_eap_proxy_cb(void *ctx)
 }
 static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s)
 {
 	int i;
 	struct wpa_ssid *ssid;
 	const struct eap_method_type *eap_methods;
 	if (!wpa_s->conf)
 		return;
 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)	{
 		eap_methods = ssid->eap.eap_methods;
 		if (!eap_methods)
 			continue;
 		for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) {
 			if (eap_methods[i].vendor == EAP_VENDOR_IETF &&
 			    (eap_methods[i].method == EAP_TYPE_SIM ||
 			     eap_methods[i].method == EAP_TYPE_AKA ||
 			     eap_methods[i].method == EAP_TYPE_AKA_PRIME)) {
 				wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
 				break;
 			}
 		}
 	}
 }
 static void
 wpa_supplicant_eap_proxy_notify_sim_status(void *ctx,
 					   enum eap_proxy_sim_state sim_state)
@ -920,7 +948,7 @@ wpa_supplicant_eap_proxy_notify_sim_status(void *ctx,
 	wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state);
 	switch (sim_state) {
 	case SIM_STATE_ERROR:
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
+		wpa_sm_sim_state_error_handler(wpa_s);
 		break;
 	default:
 		wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown");