Do prune_association only after the STA is authorized

Prune-associations should be done only after the new station is
authorized. Otherwise any STA can cause denial of service to connected
stations in PMF case when more than a single interface is being
controlled by the same hostapd process.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
This commit is contained in:
Adil Saeed Musthafa 2023-05-11 11:43:02 -07:00 committed by Jouni Malinen
parent a2c09eb95e
commit e978072baa
2 changed files with 4 additions and 3 deletions

View file

@ -3339,7 +3339,6 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
return;
}
hostapd_prune_associations(hapd, sta->addr);
ap_sta_clear_disconnect_timeouts(hapd, sta);
sta->post_csa_sa_query = 0;

View file

@ -1280,10 +1280,12 @@ void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
return;
if (authorized)
if (authorized) {
hostapd_prune_associations(hapd, sta->addr);
sta->flags |= WLAN_STA_AUTHORIZED;
else
} else {
sta->flags &= ~WLAN_STA_AUTHORIZED;
}
#ifdef CONFIG_P2P
if (hapd->p2p_group == NULL) {