EAPOL auth: Avoid recursive wpa_sm_step() on WPA_DEAUTH case

It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.

It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4fead13..5ebfe5e 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1759,6 +1759,14 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
                        wpa_remove_ptk(sm);
        }
 
+       if (sm->in_step_loop) {
+               /*
+                * wpa_sm_step() is already running - avoid recursive call to
+                * it by making the existing loop process the new update.
+                */
+               sm->changed = TRUE;
+               return 0;
+       }
        return wpa_sm_step(sm);
 }