Clear EAPOL authenticator authFail for PMKSA caching/FT
This fixes a corner case where a STA that has a PMKSA cache entry (or valid FT keys) could try to use full EAPOL/EAP authentication and fail. If the STA then tries to use the still valid PMKSA cache entry (or FT) before the STA entry has been cleared, authFail could have been left set to TRUE. That makes the EAPOL authenticator PAE state machine enter the HELD state even though authSuccess was already forced to TRUE. This results in the STA getting disconnected even though it should be allowed to continue with the 4-way handshake. While this is unlikely to happen in practice, it is better to get this fixed by clearing authFail when setting authSuccess. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
parent
d9a38716cc
commit
c7bce24dc9
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* hostapd / IEEE 802.1X-2004 Authenticator
|
* hostapd / IEEE 802.1X-2004 Authenticator
|
||||||
* Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License version 2 as
|
* it under the terms of the GNU General Public License version 2 as
|
||||||
@ -918,6 +918,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
|
|||||||
sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
|
sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
|
||||||
sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
|
sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
|
||||||
sta->eapol_sm->authSuccess = TRUE;
|
sta->eapol_sm->authSuccess = TRUE;
|
||||||
|
sta->eapol_sm->authFail = FALSE;
|
||||||
if (sta->eapol_sm->eap)
|
if (sta->eapol_sm->eap)
|
||||||
eap_sm_notify_cached(sta->eapol_sm->eap);
|
eap_sm_notify_cached(sta->eapol_sm->eap);
|
||||||
/* TODO: get vlan_id from R0KH using RRB message */
|
/* TODO: get vlan_id from R0KH using RRB message */
|
||||||
@ -939,6 +940,7 @@ void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta)
|
|||||||
sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
|
sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING;
|
||||||
sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
|
sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS;
|
||||||
sta->eapol_sm->authSuccess = TRUE;
|
sta->eapol_sm->authSuccess = TRUE;
|
||||||
|
sta->eapol_sm->authFail = FALSE;
|
||||||
if (sta->eapol_sm->eap)
|
if (sta->eapol_sm->eap)
|
||||||
eap_sm_notify_cached(sta->eapol_sm->eap);
|
eap_sm_notify_cached(sta->eapol_sm->eap);
|
||||||
old_vlanid = sta->vlan_id;
|
old_vlanid = sta->vlan_id;
|
||||||
|
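Review bot: The new `sta->eapol_sm->authFail = FALSE;` line is added without a comment at both sites (the hunk at -918 and the one at -939), so a reader of ieee802_1x_new_station cannot tell why a failure flag is reset on a path that forces success. I would add above each one `/* Clear stale authFail from an earlier failed full EAP attempt; otherwise the PAE enters HELD despite authSuccess */`. The two branches now repeat the same five statements, so a small static helper that sets the forced-success state would keep the two paths from drifting apart if another flag ever needs resetting. Whether other flags from the failed attempt can also stay set is not visible here, since the function body starts and ends outside both hunks.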