mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
SAE: Allow authentication restart on AP
In the infrastructure BSS case, the AP needs to clear pending SAE state if a new Commit message is received when already in Committed state. This allows the non-AP STA to negotiate a new group if it ends up trying to go through SAE authentication again before the AP side has removed the previous STA entry. This fixes an issue where a kernel update changed something in SAE timing or authentication sequence and started failing the sae_bignum_failure hwsim test case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
b1e1187744
commit
3a8dd390c9
@ -953,6 +953,20 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
||||
if (status_code != WLAN_STATUS_SUCCESS)
|
||||
goto remove_sta;
|
||||
|
||||
if (!(hapd->conf->mesh & MESH_ENABLED) &&
|
||||
sta->sae->state == SAE_COMMITTED) {
|
||||
/* This is needed in the infrastructure BSS case to
|
||||
* address a sequence where a STA entry may remain in
|
||||
* hostapd across two attempts to do SAE authentication
|
||||
* by the same STA. The second attempt may end up trying
|
||||
* to use a different group and that would not be
|
||||
* allowed if we remain in Committed state with the
|
||||
* previously set parameters. */
|
||||
sae_set_state(sta, SAE_NOTHING,
|
||||
"Clear existing state to allow restart");
|
||||
sae_clear_data(sta->sae);
|
||||
}
|
||||
|
||||
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
|
||||
((const u8 *) mgmt) + len -
|
||||
mgmt->u.auth.variable, &token,
|
||||
|
Loading…
Reference in New Issue
Block a user