mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-24 15:56:49 +00:00
41 lines
1.6 KiB
Diff
41 lines
1.6 KiB
Diff
|
From: Jouni Malinen <j@w1.fi>
|
||
|
Date: Sat, 14 Jan 2017 13:56:18 +0200
|
||
|
Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX
|
||
|
|
||
|
When wpa_supplicant was processing a received Authentication frame (seq
|
||
|
1) from a peer STA for which there was already a TK configured to the
|
||
|
driver, debug log claimed that the PTK gets cleared, but the actual
|
||
|
call to clear the key was actually dropped due to AUTH vs. SUPP set_key
|
||
|
selection. Fix this by explicitly clearing the TK in case it was set
|
||
|
and an Authentication frame (seq 1) is received.
|
||
|
|
||
|
This fixes some cases where EAPOL-Key frames were sent encrypted using
|
||
|
the old key when a peer STA restarted itself and lost the key and had to
|
||
|
re-join the IBSS. Previously, that state required timing out the 4-way
|
||
|
handshake and Deauthentication frame exchange to recover.
|
||
|
|
||
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||
|
---
|
||
|
|
||
|
--- a/wpa_supplicant/ibss_rsn.c
|
||
|
+++ b/wpa_supplicant/ibss_rsn.c
|
||
|
@@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2(
|
||
|
MAC2STR(addr));
|
||
|
|
||
|
if (peer &&
|
||
|
+ peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
|
||
|
+ IBSS_RSN_SET_PTK_AUTH)) {
|
||
|
+ /* Clear the TK for this pair to allow recovery from the case
|
||
|
+ * where the peer STA has restarted and lost its key while we
|
||
|
+ * still have a pairwise key configured. */
|
||
|
+ wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
|
||
|
+ MACSTR, MAC2STR(addr));
|
||
|
+ wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
|
||
|
+ NULL, 0, NULL, 0);
|
||
|
+ }
|
||
|
+
|
||
|
+ if (peer &&
|
||
|
peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
|
||
|
if (peer->own_auth_tx.sec) {
|
||
|
struct os_reltime now, diff;
|