[PATCH] hostapd: fix wpa_psk_file support for ft-psk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



For FT-PSK sm->xxkey was populated with only first
password on the linked list (i.e. last matching
password in the wpa_psk_file) in INITPSK. This
caused only that password to be recognized and
accepted. All other passwords were not verified
properly and subsequently prevented clients from
connecting.

Hostapd would report:

 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: invalid MIC in msg 2/4 of 4-Way Handshake
 Jan 30 12:55:45 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout

Signed-off-by: Michal Kazior <michal@xxxxxxxxxxxxx>
---
 src/ap/wpa_auth.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 9e7ce96ca..aedc4c2e7 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -861,6 +861,10 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 					       sm->p2p_dev_addr, pmk, &pmk_len);
 			if (pmk == NULL)
 				break;
+#ifdef CONFIG_IEEE80211R_AP
+			if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
+				memcpy(sm->xxkey, pmk, pmk_len);
+#endif
 		} else {
 			pmk = sm->PMK;
 			pmk_len = sm->pmk_len;
@@ -2643,6 +2647,10 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 			if (pmk == NULL)
 				break;
 			psk_found = 1;
+#ifdef CONFIG_IEEE80211R_AP
+			if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt))
+				memcpy(sm->xxkey, pmk, pmk_len);
+#endif
 		} else {
 			pmk = sm->PMK;
 			pmk_len = sm->pmk_len;
-- 
2.15.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux