Skip GTK rekeying request if rekeying already in process
Do not start yet another rekeying of GTK when receiving an EAPOL-Key request frame at the point when the GTK is already being rekeyed. This fixes issues where the AP might end up configuring a different GTK than the one it sends to the associated stations. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
de4d62dbcd
commit
82d8d631ec
1 changed files with 17 additions and 1 deletions
|
@ -1001,6 +1001,18 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
|
|||
}
|
||||
|
||||
|
||||
static bool wpa_auth_gtk_rekey_in_process(struct wpa_authenticator *wpa_auth)
|
||||
{
|
||||
struct wpa_group *group;
|
||||
|
||||
for (group = wpa_auth->group; group; group = group->next) {
|
||||
if (group->GKeyDoneStations)
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||
struct wpa_state_machine *sm,
|
||||
u8 *data, size_t data_len)
|
||||
|
@ -1368,7 +1380,11 @@ continue_processing:
|
|||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
||||
"received EAPOL-Key Request for GTK rekeying");
|
||||
eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
|
||||
wpa_rekey_gtk(wpa_auth, NULL);
|
||||
if (wpa_auth_gtk_rekey_in_process(wpa_auth))
|
||||
wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG,
|
||||
"skip new GTK rekey - already in process");
|
||||
else
|
||||
wpa_rekey_gtk(wpa_auth, NULL);
|
||||
}
|
||||
} else {
|
||||
/* Do not allow the same key replay counter to be reused. */
|
||||
|
|
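Review bot: In the second hunk, `eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);` still runs before the new in-process check, so on the skip path the pending rekey timeout is cancelled and nothing visible here re-arms it. If wpa_rekey_gtk() is what re-registers that timeout (its body is not shown on this page), a station sending an EAPOL-Key Request during an ongoing rekey would leave periodic GTK rotation unscheduled; this is worth confirming. Moving the cancel into the else branch would keep the existing timer on the skip path: `else { eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); wpa_rekey_gtk(wpa_auth, NULL); }`. The new helper wpa_auth_gtk_rekey_in_process() would also benefit from a comment such as `/* Non-zero GKeyDoneStations: a group rekey is still waiting on stations */`, which is presumably the counter's meaning and should be checked against the group state machine. wpa_receive() begins and ends outside the hunk.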