Cumulative patch from commit 21cb63fffd1e766c8b989125394ed0bfb05e5a4b

21cb63f OpenSSL: Fix client certificate chain building after PKCS#12 use
12a81b6 ACS: Remove unreachable case from a debug print
896607d Remove a pointer check that can never be true
a95cc47 ACS: Be more consistent with iface->current_mode checks
6014e59 P2P: Print find_start in debug log when ignoring old scan results
64845c1 l2_packet: Extend bridge workaround RX processing to cover two frames
4a539ab l2_packet: Improve bridge workaround RX processing
7a36f11 EAP-PAX: Check hmac_sha1_vector() return value
1d20c66 P2P: Clear groups first on FLUSH command
27446e4 mesh: Do not force another peering exchange on driver event
cc64fe7 mesh: Do not clear link state on driver event if exchange was started
b5f5c32 mesh: Add some more details to MPM debug messages
7d41907 nl80211: Add a missing space to a debug message
6174de6 mesh: Connection and group started/removed events into debug log
2da4a56 Add more hostapd.conf documentation for hw_mode with HT/VHT
acc3943 EAP-PEAP peer: Cryptobinding in fast-reconnect case with inner EAP
cba9ebf P2P: Try SD Query with each non-ACK peer only once per search iteration
e9ccfc3 Clear wpa_supplicant state to DISCONNECTED on FLUSH command
aeb408f HS 2.0: Add some documentation for OSEN and network block use
4f6cd3f Fix wpa_supplicant AP mode P2P IE handling if P2P is disabled
92acb40 Fix wpa_supplicant build with CONFIG_L2_PACKET=pcap
15c5606 Update copyright notices for the new year 2016
6e379c6 WPS: Testing mechanism to force auth/encr type flags
ea31912 WPS: Add a workaround for WPA2PSK missing from Enrollee auth flags
db671e0 WPS: Do not build Credential with unsupported encr combination on AP
d7c3347 HS 2.0: Postpone WNM-Notification sending by 100 ms
750f5d9 EAP-FAST: Enable AES256-based TLS cipher suites with OpenSSL
1ebb24b OpenSSL: Share a single openssl_tls_prf() implementation
dea2051 OpenSSL: Clean up function to fetch client/server random
9a42d85 OpenSSL: Drop support for OpenSSL 1.0.0
de213e8 OpenSSL: Drop support for OpenSSL 0.9.8
e79eb0c P2P: Fix P2P_FIND while waiting for listen ROC to start in the driver
944f693 P2P: Stop offchannel TX wait on P2P_STOP_FIND/P2P_LISTEN
8edd9f1 P2P: Add an option to specify group SSID in P2P_CONNECT join case
70e0cb3 P2P: Provide group SSID, if specified, to P2P Client join step
438be60 P2P: Do not accept any GO BSS entry if SSID is specified for join
35510d5 P2P: Use join SSID in the skip-PD cases
8b8d4f4 P2P: Do not accept any BSS entry for join if SSID is already known
b875276 P2P: Use group SSID, if known, for join operation even if no BSS entry
aa256cb P2PS: Add group SSID, if known, to the P2PS-PROV-DONE event
071e3bf FST: Fix handling of Rx FST Setup Request when session already exists

Change-Id: Ia48764e8663232291160fb24153fa367b9ed3015
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/src/fst/fst_session.c b/src/fst/fst_session.c
index f804b12..9e4dada 100644
--- a/src/fst/fst_session.c
+++ b/src/fst/fst_session.c
@@ -447,7 +447,9 @@
 		 * the initiator’s MAC address, in which case, the responder
 		 * shall delete the received FST Setup Request.
 		 */
-		if (os_memcmp(mgmt->da, mgmt->sa, ETH_ALEN) > 0) {
+		if (fst_session_is_ready_pending(s) &&
+		    /* waiting for Setup Response */
+		    os_memcmp(mgmt->da, mgmt->sa, ETH_ALEN) > 0) {
 			fst_printf_session(s, MSG_WARNING,
 					   "FST Request dropped due to MAC comparison (our MAC is "
 					   MACSTR ")",
@@ -455,23 +457,26 @@
 			return;
 		}
 
-		if (!fst_session_is_ready_pending(s)) {
-			fst_printf_session(s, MSG_WARNING,
-					   "FST Request from " MACSTR
-					   " dropped due to inappropriate state %s",
-					   MAC2STR(mgmt->da),
-					   fst_session_state_name(s->state));
-			return;
-		}
+		/*
+		 * State is SETUP_COMPLETION (either in transition or not) or
+		 * TRANSITION_DONE (in transition).
+		 * Setup Request arriving in this state could mean:
+		 * 1. peer sent it before receiving our Setup Request (race
+		 *    condition)
+		 * 2. peer didn't receive our Setup Response. Peer is retrying
+		 *    after STT timeout
+		 * 3. peer's FST state machines are out of sync due to some
+		 *    other reason
+		 *
+		 * We will reset our session and create a new one instead.
+		 */
 
+		fst_printf_session(s, MSG_WARNING,
+			"resetting due to FST request");
 
 		/*
 		 * If FST Setup Request arrived with the same FSTS ID as one we
-		 * initialized before, it means the other side either didn't
-		 * receive our FST Request or skipped it for some reason (for
-		 * example, due to numerical MAC comparison).
-		 *
-		 * In this case, there's no need to tear down the session.
+		 * initialized before, there's no need to tear down the session.
 		 * Moreover, as FSTS ID is the same, the other side will
 		 * associate this tear down with the session it initiated that
 		 * will break the sync.
@@ -483,7 +488,6 @@
 					   "Skipping TearDown as the FST request has the same FSTS ID as initiated");
 		fst_session_set_state(s, FST_SESSION_STATE_INITIAL, &evext);
 		fst_session_stt_disarm(s);
-		fst_printf_session(s, MSG_WARNING, "reset due to FST request");
 	}
 
 	s = fst_session_create(g);