On Wed, Feb 10, 2016 at 11:26:14AM +0000, Nick Lowe wrote:
> Switch from os_get_time(...) to os_get_reltime(...) to avoid
> malfunction if-and-when the system clock shifts.
> src/eap_server/eap_server_fast.c | 8 ++++----
> diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
> @@ -127,7 +127,7 @@ static int eap_fast_session_ticket_cb(void *ctx,
> - struct os_time now;
> + struct os_reltime now;
> - if (os_get_time(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {
> + if (os_get_reltime(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {
> wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key not valid anymore "
This does not look appropriate. The lifetime is stored at the client
side and this needs to work after the server boot (which would clear
reltime) and this also needs to work with multiple servers (it is
possible to share the same PAC encryption key between multiple
authentication servers). In other words, this really needs to be the
correct calendar time and system clocks needs to be synced correctly for
this to work.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
