Make GKeyDoneStations counting able to recover from mismatches
Previously, a bug in GKeyDoneStations count would remain in effect until the authenticator is restarted. Make this more robust by clearing the station count before each rekeying setup. While this is not really supposed to be needed, there has been bugs in this area in the past and it is safer to make the implementation recover from such an issue automatically.
This commit is contained in:
parent
2ade8ef296
commit
3c183894d4
1 changed files with 16 additions and 7 deletions
|
@ -2265,20 +2265,23 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
||||||
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
||||||
"Not in PTKINITDONE; skip Group Key update");
|
"Not in PTKINITDONE; skip Group Key update");
|
||||||
|
sm->GUpdateStationKeys = FALSE;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (sm->GUpdateStationKeys) {
|
if (sm->GUpdateStationKeys) {
|
||||||
/*
|
/*
|
||||||
* This should not really happen, but just in case, make sure
|
* This should not really happen, so add a debug log entry.
|
||||||
* we do not count the same STA twice in GKeyDoneStations.
|
* Since we clear the GKeyDoneStations before the loop, the
|
||||||
|
* station needs to be counted here anyway.
|
||||||
*/
|
*/
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
||||||
"GUpdateStationKeys already set - do not "
|
"GUpdateStationKeys was already set when "
|
||||||
"increment GKeyDoneStations");
|
"marking station for GTK rekeying");
|
||||||
} else {
|
|
||||||
sm->group->GKeyDoneStations++;
|
|
||||||
sm->GUpdateStationKeys = TRUE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sm->group->GKeyDoneStations++;
|
||||||
|
sm->GUpdateStationKeys = TRUE;
|
||||||
|
|
||||||
wpa_sm_step(sm);
|
wpa_sm_step(sm);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -2307,6 +2310,12 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
|
||||||
* including all STAs that could be in not-yet-completed state. */
|
* including all STAs that could be in not-yet-completed state. */
|
||||||
wpa_gtk_update(wpa_auth, group);
|
wpa_gtk_update(wpa_auth, group);
|
||||||
|
|
||||||
|
if (group->GKeyDoneStations) {
|
||||||
|
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected "
|
||||||
|
"GKeyDoneStations=%d when starting new GTK rekey",
|
||||||
|
group->GKeyDoneStations);
|
||||||
|
group->GKeyDoneStations = 0;
|
||||||
|
}
|
||||||
wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
|
wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL);
|
||||||
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
|
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: GKeyDoneStations=%d",
|
||||||
group->GKeyDoneStations);
|
group->GKeyDoneStations);
|
||||||
|
|
Loading…
Reference in a new issue