jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Skip GTK rekeying request if rekeying already in process

Browse source 
Do not start yet another rekeying of GTK when receiving an EAPOL-Key
request frame at the point when the GTK is already being rekeyed. This
fixes issues where the AP might end up configuring a different GTK than
the one it sends to the associated stations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2021-05-11 01:03:57 +03:00 committed by Jouni Malinen
parent de4d62dbcd
commit 82d8d631ec
1 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/ap/wpa_auth.c
View file

@ -1001,6 +1001,18 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
} }
static bool wpa_auth_gtk_rekey_in_process(struct wpa_authenticator *wpa_auth)
{
struct wpa_group *group;
for (group = wpa_auth->group; group; group = group->next) {
if (group->GKeyDoneStations)
return true;
}
return false;
}
void wpa_receive(struct wpa_authenticator *wpa_auth, void wpa_receive(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm, struct wpa_state_machine *sm,
u8 *data, size_t data_len) u8 *data, size_t data_len)
@ -1368,7 +1380,11 @@ continue_processing:
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Request for GTK rekeying"); "received EAPOL-Key Request for GTK rekeying");
eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
wpa_rekey_gtk(wpa_auth, NULL); if (wpa_auth_gtk_rekey_in_process(wpa_auth))
wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG,
"skip new GTK rekey - already in process");
else
wpa_rekey_gtk(wpa_auth, NULL);
} }
} else { } else {
/* Do not allow the same key replay counter to be reused. */ /* Do not allow the same key replay counter to be reused. */