Fix WPA GTK rekeying with multiple VLANs

When using multiple VLANs, GKeyDoneStations counter is not updated
properly since wpa_auth_for_each_sta() call in wpa_group_setkeys() ends
up iterating through all STAs and not just the STAs of a specific
wpa_group (VLAN). Consequently, GTK rekeying gets initialized multiple
times if more than a single group state machine exists. Fix this by
iterating only through the STAs in the specific wpa_group.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
intended-for: hostap-1

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 374b0a4..fd69081 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2444,6 +2444,9 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
 
 static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
 {
+       if (ctx != NULL && ctx != sm->group)
+               return 0;
+
        if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
                wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
                                "Not in PTKINITDONE; skip Group Key update");
@@ -2630,7 +2633,7 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
                           group->GKeyDoneStations);
                group->GKeyDoneStations = 0;
        }
-       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
+       wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, group);
        wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
                   group->GKeyDoneStations);
 }