GAS: Ignore replays if previous frag_id without dropping GAS session

It looks like it may be possible for an older GAS response to get retransmitted
even after the first copy has been processed. While this should not really come
up all the way to wpa_supplicant due to sequence number being same (i.e.,
duplicate detection should from the frame), some cases have been observed where
this did cause issues. Drop such a frame silently without dropping the ongoing
GAS session to allow a frame with the next frag_id to be processed after this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index 27bcc7a..09d308a 100644 (file)
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -271,6 +271,11 @@ static void gas_query_rx_comeback(struct gas_query *gas,
        if (frag_id != query->next_frag_id) {
                wpa_printf(MSG_DEBUG, "GAS: Unexpected frag_id in response "
                           "from " MACSTR, MAC2STR(query->addr));
+               if (frag_id + 1 == query->next_frag_id) {
+                       wpa_printf(MSG_DEBUG, "GAS: Drop frame as possible "
+                                  "retry of previous fragment");
+                       return;
+               }
                gas_query_done(gas, query, GAS_QUERY_PEER_ERROR);
                return;
        }