wpa_supplicant/Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch

commit b4a1256d3660a2b5239062a9b42de79b8a34286a
Author: Jouni Malinen <j@w1.fi>
Date:   Sat May 1 17:35:28 2010 +0300

    Fix fallback from failed PMKSA caching into full EAP authentication
    
    Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced
    disconnection in case of 4-way handshake failures. However, it should
    not have changed the case where the supplicant is requesting fallback
    to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is
    not know. This case needs to send an EAPOL-Start frame instead of
    EAPOL-Key message 2/4.
    
    This works around a problem with APs that try to force PMKSA caching
    even when the client does not include PMKID in (re)association request
    frame to request it. [Bug 355]

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 885d173..9439f97 100644
--- src/rsn_supp/wpa.c
+++ src/rsn_supp/wpa.c
@@ -231,6 +231,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 			wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL,
 					  buf, buflen);
 			os_free(buf);
+			return -2;
 		}
 
 		return -1;
@@ -361,6 +362,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 	struct wpa_eapol_ie_parse ie;
 	struct wpa_ptk *ptk;
 	u8 buf[8];
+	int res;
 
 	if (wpa_sm_get_network_ctx(sm) == NULL) {
 		wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of "
@@ -388,7 +390,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 	}
 #endif /* CONFIG_NO_WPA2 */
 
-	if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid))
+	res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
+	if (res == -2) {
+		wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - "
+			   "requesting full EAP authentication");
+		return;
+	}
+	if (res)
 		goto failed;
 
 	if (sm->renew_snonce) {