scottk/wlan-ap
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-10-30 01:52:51 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
d459830df26fcc64bd6443d02c9ed0b34b7716b3
wlan-ap/feeds/ipq807x_v5.4/hostapd/patches/p00-003-hostapd-Fix-race-condition-in-four-way-handshake.patch
John Crispin 3b6582117b ipq807x: add ath12 / v5.4 support 
Signed-off-by: John Crispin <john@phrozen.org>
2023-04-10 14:25:48 +02:00

66 lines
2.2 KiB
Diff
Raw Blame History

From 29818cbd2d4fc8aee50d632335a31028b614ae1a Mon Sep 17 00:00:00 2001
From: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
Date: Thu, 10 Feb 2022 12:30:25 +0530
Subject: [PATCH] hostapd:Fix race condition in four way handshake
When there is multiple delayed m2 from the station,
after ap has tried m3 multiple times, ap tends to
send m3 again for the later received m2 incrementing
the replay counter. Here station replies with m4 only
for the first m3, but replay counter would have advanced
to higher number due to multiple m3 retries. Due to
replay counter mismatch m4 is discarded and station
association fails.
Added a flag to stop processing m2 if state machine has
already advanced to m3 state, this prevent m3 triggered
in response for m2 there by preventing the race condition
with respect to replay counter
Signed-off-by: Sowmiya Sree Elavalagan <quic_ssreeela@quicinc.com>
---
src/ap/wpa_auth.c | 3 ++-
src/ap/wpa_auth_i.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1150,7 +1150,7 @@ void wpa_receive(struct wpa_authenticato
!wpa_replay_counter_valid(sm->key_replay, key->replay_counter)) {
int i;
- if (msg == PAIRWISE_2 &&
+ if (msg == PAIRWISE_2 && !sm->m3_retried &&
wpa_replay_counter_valid(sm->prev_key_replay,
key->replay_counter) &&
sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING &&
@@ -3753,6 +3753,7 @@ SM_STEP(WPA_PTK)
}
break;
case WPA_PTK_INITPSK:
+ sm->m3_retried = 0;
if (wpa_auth_get_psk(wpa_auth, sm->addr, sm->p2p_dev_addr,
NULL, NULL, NULL)) {
SM_ENTER(WPA_PTK, PTKSTART);
@@ -3811,8 +3812,10 @@ SM_STEP(WPA_PTK)
sm->disconnect_reason =
WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT;
SM_ENTER(WPA_PTK, DISCONNECT);
- } else if (sm->TimeoutEvt)
+ } else if (sm->TimeoutEvt) {
+ sm->m3_retried = 1;
SM_ENTER(WPA_PTK, PTKINITNEGOTIATING);
+ }
break;
case WPA_PTK_PTKINITDONE:
break;
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -95,6 +95,7 @@ struct wpa_state_machine {
#endif /* CONFIG_IEEE80211R_AP */
unsigned int is_wnmsleep:1;
unsigned int pmkid_set:1;
+ unsigned int m3_retried:1;
#ifdef CONFIG_OCV
int ocv_enabled;
Reference in New Issue View Git Blame Copy Permalink