From c31ae041a2babe3ca6c48932dd923c46da81519b Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Thu, 12 Jan 2023 11:32:10 -0800
Subject: [PATCH] eapol: detect message 2/4 retransmits

If the authenticator has already set an snonce then the packet must be a retransmit. Handle this by sending 3/4 again but making sure to not reset the frame counter.
---
 src/eapol.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/eapol.c b/src/eapol.c
index d4ab9328..b338ad2a 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1606,12 +1606,18 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
 		sm->handshake->support_ip_allocation = ip_req_kde != NULL;
 	}
+	/*
+	 * If the snonce is already set don't reset the retry counter as this
+	 * is a rekey. To be safe take the most recent snonce (in this frame)
+	 * in case the station created a new one.
+	 */
+	if (!sm->handshake->have_snonce)
+		sm->frame_retry = 0;
 	memcpy(sm->handshake->snonce, ek->key_nonce, sizeof(sm->handshake->snonce));
 	sm->handshake->have_snonce = true;
-	sm->frame_retry = 0;
 	eapol_ptk_3_of_4_retry(NULL, sm);
 }
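Review bot: The comment above the new `if (!sm->handshake->have_snonce)` describes this case as "a rekey", while the subject line and description describe it as a retransmit of message 2/4; the two should agree, because a rekey would normally start a fresh handshake with a fresh retry budget, whereas a retransmit is exactly the case the unchanged counter is meant to bound. Suggest rewording to `/* A 2/4 arriving after snonce is already set is a retransmit: keep frame_retry so repeated 3/4 transmissions stay bounded, but adopt the nonce in this frame in case the station regenerated it. */`. Since the snonce is overwritten unconditionally, the 3/4 built by eapol_ptk_3_of_4_retry must use a PTK derived from the nonce in this frame; whether that derivation (and the MIC check that depends on it) happens on the path visible here is not shown in the hunk and is worth confirming in the commit message. The enclosing function eapol_handle_ptk_2_of_4 starts before the hunk.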