[PATCH] hostapd: Disassociate client after SA timeout

[Jan Fuchs]

In case of a dot11AssociationSAQueryMaximumTimeout and according to
"Note 3" in IEEE-802.11-2020 "11.3.5.3 AP or PCP association receipt
procedures" enumeration "j)" (page 2135), hostapd shall send a protected
disassocation with ReasonCode "INVALID_AUTHENTICATION".  This is needed
when a forged packet (e.g. Re-Assocication Request) is getting injected
during a longer power save of the station, where the station is not able
to answer the SA queries. This could lead to a situation, where the AP
removes the STA due to SA Query Maximum Timeout, while the station
(after waking up again) believes it's still associated with this AP. To
prevent this, a protected disassociation by the AP is sent out telling
the station its association is no longer valid.

Signed-off-by: Jan Fuchs <jf at simonwunderlich.de>
---
 src/ap/sta_info.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index ccd1ed931..d062a61e8 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1159,6 +1159,12 @@ int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
 		sta->sa_query_trans_id = NULL;
 		sta->sa_query_count = 0;
 		eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
+
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+			       HOSTAPD_LEVEL_INFO,
+			       "disconnected due to SA Query max timeout");
+		hostapd_drv_sta_disassoc(hapd, sta->addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
+		ap_sta_disassociate(hapd, sta, WLAN_REASON_PREV_AUTH_NOT_VALID);
 		return 1;
 	}
 
-- 
2.35.1