Hostapd Preauthentication Segfault
Jouni Malinen
jkmaline
Sun Aug 29 15:13:04 PDT 2004
On Fri, Aug 06, 2004 at 03:47:20PM +0200, Simi Winiker wrote:
> I tried to use 802.11i RSN with EAP-TLS and pre-authentication, but
> hostapd segfaults after successful pre-auth. I used the CVS version as well
> as 0.2.3 and 0.2.4, always the same error.
> I also tried to isolate in the code what causes the segfault, and it
> seems that it happens in the rsn_preauth_finished function in wpa.c:
> void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
> int success)
> {
> -----> ap_free_sta(hapd, sta);
> }
> By commenting this line out, the segfault disappears, and
> preauthentication seems to proceed as expected.
This line was indeed triggering the segfault. However, commenting it out
is not the correct fix for this; the STA entry is supposed to be removed
at this point.
The EAPOL state machine was running at this point and it was not prepared
for the STA entry disappearing while the eapol_sm_step() function continued
running. I added workaround code for the state machine to abort if the
STA entry is removed. This removed the segfault at the end of the
pre-authentication.
--
Jouni Malinen PGP id EFC895FA
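
The failure mode and workaround described in the reply above, as an added illustration that is not hostapd code and not part of the original message: a step loop whose completion callback frees the STA entry, with the loop aborting once the entry is gone. All names (`sta_table`, `sta_add`, `sm_transition`, `sm_step`, `preauth_finished`) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_STA 4
struct sta { int id; int steps; };
static struct sta *sta_table[MAX_STA]; /* stand-in for the AP's STA list */

static struct sta *sta_add(int id)
{
    struct sta *s = (id >= 0 && id < MAX_STA) ? calloc(1, sizeof(*s)) : NULL;
    if (s == NULL)
        return NULL;
    s->id = id;
    return sta_table[id] = s;
}

/* Completion callback: removes the STA entry, as the reply says it must. */
static void preauth_finished(struct sta *s)
{
    sta_table[s->id] = NULL;
    free(s);
}

/* One transition; the second one completes pre-auth and frees s. */
static void sm_transition(struct sta *s)
{
    if (++s->steps == 2)
        preauth_finished(s);
}

/* Returns the number of steps taken, or -1 if the entry was removed
 * mid-run (the caller must not touch s again in that case). */
static int sm_step(struct sta *s, int max_steps)
{
    int n, id = s->id; /* copy the key before s can be freed */
    for (n = 0; n < max_steps; n++) {
        sm_transition(s);
        if (sta_table[id] == NULL) /* table lookup, no dereference of s */
            return -1;             /* abort instead of stepping freed memory */
    }
    return n;
}

int main(void)
{
    struct sta *s = sta_add(1);
    printf("sm_step returned %d\n", s ? sm_step(s, 5) : -2);
    return 0;
}
```

Without the table check inside the loop, the third iteration would increment `steps` in freed memory, which is the class of crash reported in this thread.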