git.ipfire.org Git - thirdparty/hostap.git/commit
Check for own address (SPA) match when finding PMKSA entries
author Jouni Malinen <quic_jouni@quicinc.com>
Thu, 10 Nov 2022 12:10:55 +0000 (14:10 +0200)
committer Jouni Malinen <j@w1.fi>
Thu, 10 Nov 2022 19:13:05 +0000 (21:13 +0200)
commit 9ff778fa4bd64b802106bd94c91fdc2a0cdc3600
tree 857c45639ec19131d78e7e34c026030b6ae54e62
parent 9f04a9c8dd7a023d95ab929648a47c6343c844b8
Check for own address (SPA) match when finding PMKSA entries

This prevents attempts of trying to use PMKSA caching when the existing
entry was created using a different MAC address than the one that is
currently being used. This avoids exposing the longer term PMKID value
when using random MAC addresses for connections.

In practice, similar restriction was already done by flushing the PMKSA
cache entries whenever wpas_update_random_addr() changed the local
address or when the interface was marked down (e.g., for an external
operation to change the MAC address).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/pasn/pasn_initiator.c
src/rsn_supp/pmksa_cache.c
src/rsn_supp/pmksa_cache.h
src/rsn_supp/preauth.c
src/rsn_supp/wpa.c
src/rsn_supp/wpa.h
wpa_supplicant/dpp_supplicant.c
wpa_supplicant/events.c
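
The lookup rule the commit message describes, as an added example that is not code from this commit or from hostap: a cached entry is returned only when both the AP address and the own address (SPA) it was created under match the address in use now. The struct, the function names and the sample addresses are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6
#define PMKID_LEN 16

/* Hypothetical, simplified cache entry; not hostap's own struct. */
struct pmksa_entry {
    uint8_t aa[ETH_ALEN];     /* authenticator (AP) address */
    uint8_t spa[ETH_ALEN];    /* own address when the entry was created */
    uint8_t pmkid[PMKID_LEN]; /* constructed sample value */
    struct pmksa_entry *next;
};

/* Return the entry for AP `aa` only if it was created under the address
 * `own_addr` that is in use now. A NULL `own_addr` skips the SPA check,
 * which models a lookup that does not compare the own address. */
const struct pmksa_entry *pmksa_find(const struct pmksa_entry *head,
                                     const uint8_t *own_addr,
                                     const uint8_t *aa)
{
    for (const struct pmksa_entry *e = head; e; e = e->next) {
        if (memcmp(e->aa, aa, ETH_ALEN) != 0)
            continue;
        if (own_addr && memcmp(e->spa, own_addr, ETH_ALEN) != 0)
            continue; /* created under a different MAC: do not reuse it */
        return e;
    }
    return NULL;
}

/* Constructed sample data: one AP, two randomized local addresses. */
static const uint8_t AP[ETH_ALEN]    = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
static const uint8_t MAC_A[ETH_ALEN] = {0x06, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t MAC_B[ETH_ALEN] = {0x0a, 0x66, 0x77, 0x88, 0x99, 0xaa};

/* 1 if a lookup made while using `cur` would reuse the cached entry
 * (and so send its PMKID), 0 if the entry is skipped. */
int would_offer_pmkid(const uint8_t *cur, int check_spa)
{
    struct pmksa_entry e = { .next = NULL };
    memcpy(e.aa, AP, ETH_ALEN);
    memcpy(e.spa, MAC_A, ETH_ALEN);   /* entry was created while using MAC_A */
    memset(e.pmkid, 0xab, PMKID_LEN);
    return pmksa_find(&e, check_spa ? cur : NULL, AP) != NULL;
}
```

With the SPA check, the entry created under `MAC_A` is reused only while `MAC_A` is still the local address; without it, the same PMKID would be sent from `MAC_B`, linking the two randomized addresses.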