]> git.ipfire.org Git - thirdparty/hostap.git/commit - src/ap/wpa_auth.c
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 89c343e) | patch
hostapd: Avoid key reinstallation in FT handshake
authorMathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Fri, 14 Jul 2017 13:15:35 +0000 (15:15 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 15 Oct 2017 23:03:47 +0000 (02:03 +0300)
commit0e3bd7ac684a2289aa613347e2f3ad54ad6a9449
treef4d1d2b4e0ab6d842ea17b446948a327f6f98c71tree | snapshot
parent89c343e88765edc98ace9aab2deb21e97d8d5f08commit | diff
hostapd: Avoid key reinstallation in FT handshake

Do not reinstall TK to the driver during Reassociation Response frame
processing if the first attempt of setting the TK succeeded. This avoids
issues related to clearing the TX/RX PN that could result in reusing
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
also hitting replay protection on the receiver) and accepting replayed
frames on RX side.

This issue was introduced by the commit
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
times with the same PTK. While the second configuration attempt is
needed with some drivers, it must be done only if the first attempt
failed.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
src/ap/ieee802_11.c diff | blob | blame | history
src/ap/wpa_auth.c diff | blob | blame | history
src/ap/wpa_auth.h diff | blob | blame | history
src/ap/wpa_auth_ft.c diff | blob | blame | history
src/ap/wpa_auth_i.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.