wpa_supplicant: Prevent reinstallation of an already in-use group key

components/wpa_supplicant/src/common/wpa_common.h

@@ -172,6 +172,11 @@ struct wpa_ptk {
 	} u;
 } STRUCT_PACKED;
 
+struct wpa_gtk {
+	u8 gtk[WPA_GTK_MAX_LEN];
+	size_t gtk_len;
+};
+
 struct wpa_gtk_data {
 	enum wpa_alg alg;
 	int tx, key_rsc_len, keyidx;

components/wpa_supplicant/src/rsn_supp/wpa.c

@@ -805,11 +805,20 @@ int   wpa_supplicant_install_gtk(struct wpa_sm *sm,
        
     wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
 
-    #ifdef DEBUG_PRINT    
+    /* Detect possible key reinstallation */
+    if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+        os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
+            wpa_printf(MSG_DEBUG,
+                    "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+                    gd->keyidx, gd->tx, gd->gtk_len);
+            return 0;
+    }
+    #ifdef DEBUG_PRINT
     wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
            "(keyidx=%d tx=%d len=%d).\n", gd->keyidx, gd->tx,
            gd->gtk_len);
-    #endif    
+    #endif
+
     wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
     if (sm->group_cipher == WPA_CIPHER_TKIP) {
         /* Swap Tx/Rx keys for Michael MIC */
@@ -843,6 +852,9 @@ int   wpa_supplicant_install_gtk(struct wpa_sm *sm,
         return -1;
     }
 
+    sm->gtk.gtk_len = gd->gtk_len;
+    os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
+
     return 0;
 }
 

components/wpa_supplicant/src/rsn_supp/wpa_i.h

@@ -41,6 +41,7 @@ struct wpa_sm {
     u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
     int rx_replay_counter_set;
     u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+    struct wpa_gtk gtk;
     struct rsn_pmksa_cache *pmksa; /* PMKSA cache */
     struct rsn_pmksa_cache_entry *cur_pmksa; /* current PMKSA entry */