[PATCH 1/1] WPA: Delay processing of EAPOL-key 1/4 MSG

[Jithu Jance]

Sometimes EAPOL-key 1/4 message is received
before the reassoc event(from Driver roaming).
Delay the processing of EAPOL to let the re-assoc
info get updated properly.

Signed-hostap: Jithu Jance <jithu at broadcom.com>
---
 src/rsn_supp/wpa.c |   27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 292255c..5db0a6f 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1720,6 +1720,33 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
 		goto out;
 	}

+	/*
+	 * There is possible race condition between receiving the
+	 * association event and the EAPOL frame since they are coming
+	 * through different paths from the driver. In order to avoid
+	 * issues in trying to process the EAPOL frame before receiving
+	 * association information, lets queue it for processing until
+	 * the association event is received.
+	 */
+	if (!peer_key && (key_info & WPA_KEY_INFO_KEY_TYPE) &&
+		!(key_info & WPA_KEY_INFO_MIC) &&
+		(supp->wpa_state == WPA_COMPLETED)) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+			"WPA: EAPOL-Key 1/4 is received in WPA_COMPLETED state - Delay"
+			"processing of received EAPOL frame");
+		wpabuf_free(supp->pending_eapol_rx);
+		supp->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
+
+		if (supp->pending_eapol_rx) {
+			os_get_time(&supp->pending_eapol_rx_time);
+			os_memcpy(supp->pending_eapol_rx_src,src_addr, ETH_ALEN);
+		} else {
+			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+					"WPA: memalloc failed for pending_eapol_rx. Dropping packet");
+		}
+		goto out;
+	}
+
 	if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
 #ifdef CONFIG_PEERKEY
 	    && (peerkey == NULL || !peerkey->initiator)
--
1.7.9.5