From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 28 Aug 2015 13:32:14 +0000 (+0300)
Subject: EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case
X-Git-Tag: hostap_2_5~98
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=43f49c3788fc6cdc6d4f96c7d9c9c2b4ff10f297;p=mech_eap.git

EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case

It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.

It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4fead13..5ebfe5e 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1759,6 +1759,14 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
 			wpa_remove_ptk(sm);
 	}
 
+	if (sm->in_step_loop) {
+		/*
+		 * wpa_sm_step() is already running - avoid recursive call to
+		 * it by making the existing loop process the new update.
+		 */
+		sm->changed = TRUE;
+		return 0;
+	}
 	return wpa_sm_step(sm);
 }