diff options
Diffstat (limited to 'package/network/services/hostapd/patches/001-fix_pmksa_cache.patch')
| -rwxr-xr-x | package/network/services/hostapd/patches/001-fix_pmksa_cache.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/001-fix_pmksa_cache.patch b/package/network/services/hostapd/patches/001-fix_pmksa_cache.patch new file mode 100755 index 0000000..76a3968 --- /dev/null +++ b/package/network/services/hostapd/patches/001-fix_pmksa_cache.patch @@ -0,0 +1,32 @@ +From 9c829900bb01d6fb22e78ba78195c78de39f64b9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 04 Oct 2014 19:11:00 +0000 +Subject: Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop + +If the first entry in the PMKSA cache did not match the station's MAC +address, an infinite loop could be reached in pmksa_cache_get_okc() when +trying to find a PMKSA cache entry for opportunistic key caching cases. +This would only happen if OKC is enabled (okc=1 included in the +configuration file). + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- +--- a/src/ap/pmksa_cache_auth.c ++++ b/src/ap/pmksa_cache_auth.c +@@ -394,15 +394,13 @@ struct rsn_pmksa_cache_entry * pmksa_cac + struct rsn_pmksa_cache_entry *entry; + u8 new_pmkid[PMKID_LEN]; + +- entry = pmksa->pmksa; +- while (entry) { ++ for (entry = pmksa->pmksa; entry; entry = entry->next) { + if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0) + continue; + rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid, + wpa_key_mgmt_sha256(entry->akmp)); + if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0) + return entry; +- entry = entry->next; + } + return NULL; + } |