Re: [PATCH] Switch from os_get_time(...) to os_get_reltime(...) to avoid malfunction if-and-when the system clock shifts.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 10, 2016 at 11:26:14AM +0000, Nick Lowe wrote:
> Switch from os_get_time(...) to os_get_reltime(...) to avoid
> malfunction if-and-when the system clock shifts.

>  src/eap_server/eap_server_fast.c | 8 ++++----
> diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
> @@ -127,7 +127,7 @@ static int eap_fast_session_ticket_cb(void *ctx,
> - struct os_time now;
> + struct os_reltime now;

> - if (os_get_time(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {
> + if (os_get_reltime(&now) < 0 || lifetime <= 0 || now.sec > lifetime) {
>   wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key not valid anymore "

This does not look appropriate. The lifetime is stored at the client
side and this needs to work after the server boot (which would clear
reltime) and this also needs to work with multiple servers (it is
possible to share the same PAC encryption key between multiple
authentication servers). In other words, this really needs to be the
correct calendar time and system clocks needs to be synced correctly for
this to work.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux