[PATCH] EAPOL auth: Clear reAuthenticate flag when entering AUTHENTICATED state

Remi Pommarel repk at triplefau.lt
Tue Jun 16 08:01:36 PDT 2026


When a station reassociates before the EAP state machine reaches
AUTHENTICATED state (e.g., due to delayed response to the first
Association Request), the reAuthenticate flag may be set (see
ieee802_1x_new_station()).

Since reAuthenticate is only processed after reaching AUTHENTICATED
state, this would cause a AUTH_PAE state machine to be reset and send a
EAP identity request even though the station has already completed EAP
successfully. This is ignored by the station and the 4-way handshake
does not happen.

Clear the reAuthenticate flag when transitioning to AUTHENTICATED
state to ensure any pending re-authentication request from before
authentication completed is discarded.

Signed-off-by: Remi Pommarel <repk at triplefau.lt>
---
 src/eapol_auth/eapol_auth_sm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index af962eefe..5e702aeff 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -314,6 +314,7 @@ SM_STATE(AUTH_PAE, AUTHENTICATED)
 	sm->authPortStatus = Authorized;
 	setPortAuthorized();
 	sm->reAuthCount = 0;
+	sm->reAuthenticate = false;
 	if (sm->flags & EAPOL_SM_PREAUTH)
 		extra = " (pre-authentication)";
 	else if (sm->flags & EAPOL_SM_FROM_PMKSA_CACHE)
-- 
2.52.0




More information about the Hostap mailing list