mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-26 13:49:35 -05:00
4033935dd9
Commit c3fea272747f738f5723fc577371fe03711d988f added a call to clear all other PMKSA cache entries for the same network if the PMKSA cache entry of the current AP changed. This was needed to fix OKC cases since the other APs would likely use the new PMK in the future. However, this ended up clearing entries in cases where that is not desired and this resulted in needing additional full EAP authentication with networks that did not support OKC if wpa_supplicant was configured to try to use it. Make PMKSA cache entry flushing more limited so that the other entries are removed only if they used the old PMK that was replaced for the current AP and only if that PMK had previously been used successfully (i.e., opportunistic flag was already cleared back to 0 in wpa_supplicant_key_neg_complete()). This is still enough to fix the issue described in that older commit while not causing problems for standard PMKSA caching operations even if OKC is enabled in wpa_supplicant configuration. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>