eapol: Silently discard invalid EAPoL frames

Do not fail an ongoing handshake when an invalid EAPoL frame is
received.  Instead, follow the intent of 802.11-2020 section 12.7.2:
"EAPOL-Key frames containing invalid field values shall be silently
discarded."

This prevents a denial-of-service attack where receipt of an invalid,
unencrypted EAPoL 1/4 frame generated by an adversary results in iwd
terminating an ongoing connection.

Reported-by: Domien Schepers <schepers.d@northeastern.edu>

src/eapol.c

@@ -1152,7 +1152,7 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
 	l_debug("ifindex=%u", sm->handshake->ifindex);
 
 	if (!eapol_verify_ptk_1_of_4(ek, sm->mic_len))
-		goto error_unspecified;
+		return;
 
 	pmkid = handshake_util_find_pmkid_kde(EAPOL_KEY_DATA(ek, sm->mic_len),
 					EAPOL_KEY_DATA_LEN(ek, sm->mic_len));
@@ -1676,10 +1676,8 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
 
 	l_debug("ifindex=%u", hs->ifindex);
 
-	if (!eapol_verify_ptk_3_of_4(ek, hs->wpa_ie, sm->mic_len)) {
+	if (!eapol_verify_ptk_3_of_4(ek, hs->wpa_ie, sm->mic_len))
-		handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
 		return;
-	}
 
 	/*
 	 * 802.11-2016, Section 12.7.6.4:
@@ -2086,10 +2084,8 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
 
 	l_debug("ifindex=%u", hs->ifindex);
 
-	if (!eapol_verify_gtk_1_of_2(ek, hs->wpa_ie, sm->mic_len)) {
+	if (!eapol_verify_gtk_1_of_2(ek, hs->wpa_ie, sm->mic_len))
-		handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
 		return;
-	}
 
 	oci = handshake_util_find_kde(HANDSHAKE_KDE_OCI, decrypted_key_data,
 					decrypted_key_data_size, &oci_len);