While creating a cloned PMKSA entry for OKC both expiration and
reauth_time values are set to maximum values, but later only the
expiration time is copied from the old PMKSA entry to the new PMKSA
entry. Due to this there is a possibility of reauth_time becoming
greater than expiration time in some cloned entries. To avoid this copy
reauth_time also to the cloned entry.
Also, add check to reject control interface commands with reauth time
greater than expiration time.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
{
struct rsn_pmksa_cache_entry *new_entry;
os_time_t old_expiration = old_entry->expiration;
+ os_time_t old_reauth_time = old_entry->reauth_time;
const u8 *pmkid = NULL;
if (wpa_key_mgmt_sae(old_entry->akmp) ||
/* TODO: reorder entries based on expiration time? */
new_entry->expiration = old_expiration;
+ new_entry->reauth_time = old_reauth_time;
new_entry->opportunistic = 1;
return new_entry;
if (sscanf(pos, "%d %d %d %d", &reauth_time, &expiration,
&entry->akmp, &entry->opportunistic) != 4)
goto fail;
+ if (reauth_time > expiration)
+ goto fail;
for (i = 0; i < 4; i++) {
pos = os_strchr(pos, ' ');
if (!pos) {
projects / thirdparty / hostap.git / commitdiff
