[PATCH] Allow Session-Timeout with PSK RADIUS during 4 Way Handshake

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've been reading the code and testing the PSK via RADIUS
functionality in hostap and discovered what I believe to be a bug.
When the RADIUS response includes a Session-Timeout and is otherwise
valid (an Access-Accept with a valid Tunnel-Password) the association
still fails due to the strict comparison of the accepted value with
HOSTAPD_ACL_ACCEPT.  Apparently this wasn't previously tested.

The patch below allows a packet containing a valid Session-Timeout
attribute to be accepted by extending the "success" comparison to
include HOSTAPD_ACL_ACCEPT_TIMEOUT.

Signed-off-by: Lee Harding <somerandomstring@xxxxxxxxx>

Diff inline below:

diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
index e723ae74b..7b3b0137f 100644
--- a/src/ap/ieee802_11_auth.c
+++ b/src/ap/ieee802_11_auth.c
@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg,
struct radius_msg *req,

        if (query->radius_psk) {
                struct sta_info *sta;
-               bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
+               bool success = cache->accepted == HOSTAPD_ACL_ACCEPT
+                       || cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;

                sta = ap_get_sta(hapd, query->addr);
                if (!sta || !sta->wpa_sm) {

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux