From 8edaa23f8a1834984bac9d19a896f45a2b44bd0c Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Fri, 25 Jan 2019 11:23:11 -0800 Subject: [PATCH] eapol: emit HANDSHAKE_EVENT_REKEY_FAILED If we receive handshake message 1/4 after we are already connected the AP is attempting to rekey. This may not be allowed and if not we do not process the rekey and emit HANDSHAKE_EVENT_REKEY_FAILED so any listeners can handle accordingly. --- src/eapol.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/eapol.c b/src/eapol.c index a9baf551..659cc825 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1104,6 +1104,16 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm, memcmp(sm->handshake->anonce, ek->key_nonce, sizeof(ek->key_nonce)) || sm->handshake->ptk_complete) { + if (sm->handshake->ptk_complete && sm->handshake->no_rekey) { + /* + * In case of rekey not being allowed, signal to upper + * layers that we need to do a full reauth + */ + handshake_event(sm->handshake, + HANDSHAKE_EVENT_REKEY_FAILED, NULL); + return; + } + handshake_state_new_snonce(sm->handshake); handshake_state_set_anonce(sm->handshake, ek->key_nonce);