[PATCH] Use SA Query for 4-way handshake timeout

James Herbert james.herbert at morsemicro.com
Mon Sep 2 17:00:09 PDT 2024


When an AP fails to receive message 4 of the 4-way handshake, the station has
completed association but the AP has not. The AP sends an unprotected deauth
frame to the station with a reason code of WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT,
but the station's WPA state is WPA_COMPLETED so it ignores unprotected deauth
frames that do not have a reason code of
WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA or
WLAN_REASON_CLASS3_FRAME_FROM_NONAUTH_STA. The station becomes stuck in an
invalid state.

Add WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT to the list of reason codes for deauth
frames that can be verified by using SA Query.

Signed-off-by: James Herbert <james.herbert at morsemicro.com>
---
 wpa_supplicant/sme.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 9b083cddd..6a335b5cb 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -3497,7 +3497,8 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
 	if (!ether_addr_equal(sa, wpa_s->bssid))
 		return;
 	if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
-	    reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
+	    reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA &&
+	    reason_code != WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT)
 		return;
 	if (wpa_s->sme.sa_query_count > 0)
 		return;
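Review bot: The widened reason-code test in sme_event_unprot_disconnect() carries no comment explaining why WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT belongs next to the two class 2/class 3 codes, so a later reader sees only a three-entry allow-list for unprotected frames. Suggest a short comment above the condition summarising the case from the commit message (station already in WPA_COMPLETED, AP never received message 4) and stating that, per the commit message, the frame is only verified through SA Query. Separately, the commit message names WLAN_REASON_CLASS3_FRAME_FROM_NONAUTH_STA while the code checks WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA; the message should use the same constant as the code.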
-- 
2.25.1



