wpa_supplicant disconnect bug

Jouni Malinen jkmaline
Sat Aug 26 18:42:33 PDT 2006

On Thu, Aug 17, 2006 at 10:01:02PM -0700, Chris Zimmermann wrote:

> In wpa_supplicant version 0.5.4,
> 	the file events.c,
> 	the function wpa_supplicant_event_disassoc()

> 	wpa_supplicant_mark_disassoc(wpa_s);

> 		wpa_clear_keys(wpa_s, wpa_s->bssid);

> However, the function, wpa_supplicant_mark_disassoc() ends up setting  
> the field wpa_s->bssid to all zeros (00:00:00:00:00:00).  When you  
> call wpa_clear_keys() after this, the PTK is not really cleared.   
> This leads to the inability to renegotiate WPA PTK, because the  
> message 2/4 will go out encrypted and the authenticator will never  
> get the message.

Thanks for reporting this. Many drivers don't care about this, but this
is indeed incorrect behavior.

> Changing the call to use a cached version of the BSSID held by  
> wpa_supplicant_event_disassoc() corrects this issue.

Yes, but even simpler fix is to just move
wpa_supplicant_mark_disassoc() to be called after wpa_clear_keys(). This
is now in the development branch.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list