[PATCH] Fix race conditions in the WPA group-key state machine

Yen-Jung Chang yenjung
Sun Jun 1 19:52:25 PDT 2008

Please ignore the previous one patch, it would cause an infinite loop.
Attached is the updated patch.


2008/5/22 Yen-Jung Chang <yenjung at gmail.com>:

> Hi Jouni,
> I run into the same issue with 0.4.8, so I back port the robust mechanism
> from 0.5.10 to 0.4.8.
> Would you please give me some advice about the attached patch?
> Thanks,
> YJ.
> 2008/3/18 Jouni Malinen <j at w1.fi>:
> On Thu, Mar 06, 2008 at 09:18:46AM +0200, Uri Simchoni wrote:
>> > Working with madwifi driver, we've encountered some rare conditions in
>> > which clients can't receive WPA-encrypted multicast packets. This has
>> > become a more serious lately since Windows Vista uses broadcast packets
>> > for DHCP by default.
>> >
>> > After digging into it for a while, we realized that the group-key state
>> > machine was stuck in the SETKEYS state, meaning that it negotiates a new
>> > group key, but doesn't activate the key at the driver. Further
>> > investigation showed that the GNoStations variable got negative.
>> Thanks for reporting this.
>> > The supplied patch (against 0.4.10, sorry...) fixes these issues, and
>> > also remove the reliance on GNoStations, because it looks like a
>> > not-very-robust way to determine how many stations need to negotiate
>> > group key (although it's based on the standard...)
>> I replaced the group key update management with a more robust mechanism
>> about a month ago (the new version is included in 0.5.10). It uses a bit
>> different solution when compared to your patch, but I would expect the
>> end result to be quite similar since GNoStations variable was removed
>> completely and only the stations that are really active and ready for
>> group key update are include in the dynamic count.
>> I haven't ported the patch to 0.4.x branch yet, but I would prefer to
>> use the same solution in all branches to minimize amount of code to
>> maintain in the future.
>> --
>> Jouni Malinen                                            PGP id EFC895FA
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080602/b9f165e3/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: robust-group-key-update-0.4.8.patch
Type: application/octet-stream
Size: 2702 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20080602/b9f165e3/attachment.obj 

More information about the Hostap mailing list