When an AP fails to receive message 4 of the 4-way handshake, the station has completed association but the AP has not. The AP sends an unprotected deauth frame to the station with a reason code of WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT, but the station's WPA state is WPA_COMPLETED so it ignores unprotected deauth frames that do not have a reason code of WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA or WLAN_REASON_CLASS3_FRAME_FROM_NONAUTH_STA. The station becomes stuck in an invalid state. Add WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT to the list of reason codes for deauth frames that can be verified by using SA Query. Signed-off-by: James Herbert <james.herbert@xxxxxxxxxxxxxx> --- wpa_supplicant/sme.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 9b083cddd..6a335b5cb 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -3497,7 +3497,8 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, if (!ether_addr_equal(sa, wpa_s->bssid)) return; if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA && - reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA) + reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA && + reason_code != WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT) return; if (wpa_s->sme.sa_query_count > 0) return; -- 2.25.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
