[PATCH] EAPOL auth: Clear reAuthenticate flag when entering AUTHENTICATED state
Remi Pommarel
repk at triplefau.lt
Tue Jun 16 08:01:36 PDT 2026
When a station reassociates before the EAP state machine reaches
AUTHENTICATED state (e.g., due to delayed response to the first
Association Request), the reAuthenticate flag may be set (see
ieee802_1x_new_station()).
Since reAuthenticate is only processed after reaching AUTHENTICATED
state, this would cause a AUTH_PAE state machine to be reset and send a
EAP identity request even though the station has already completed EAP
successfully. This is ignored by the station and the 4-way handshake
does not happen.
Clear the reAuthenticate flag when transitioning to AUTHENTICATED
state to ensure any pending re-authentication request from before
authentication completed is discarded.
Signed-off-by: Remi Pommarel <repk at triplefau.lt>
---
src/eapol_auth/eapol_auth_sm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
index af962eefe..5e702aeff 100644
--- a/src/eapol_auth/eapol_auth_sm.c
+++ b/src/eapol_auth/eapol_auth_sm.c
@@ -314,6 +314,7 @@ SM_STATE(AUTH_PAE, AUTHENTICATED)
sm->authPortStatus = Authorized;
setPortAuthorized();
sm->reAuthCount = 0;
+ sm->reAuthenticate = false;
if (sm->flags & EAPOL_SM_PREAUTH)
extra = " (pre-authentication)";
else if (sm->flags & EAPOL_SM_FROM_PMKSA_CACHE)
--
2.52.0
More information about the Hostap
mailing list