Flush pmk cache

Jouni Malinen
Tue Mar 15 08:48:09 PDT 2011

On Mon, Feb 28, 2011 at 05:52:59PM -0800, Dmitry Shmidt wrote:
> We saw that if you connect to an enterprise network, then remove it and
> recreate it with the wrong password, it will still be connected properly.
> Our suspicion is pmk cache. Does it make sense to flush it in this case like:
> diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
> @@ -1041,12 +1041,13 @@ static int wpa_supplicant_ctrl_iface_remove_network(
>         if (ssid == wpa_s->current_ssid) {
> +               wpa_printf(MSG_DEBUG, "RSN: flushing PMKID list in the driver");
> +               wpa_drv_flush_pmkid(wpa_s);
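
Review bot: the flush sits inside the `if (ssid == wpa_s->current_ssid)` branch, so removing a network that is not the current one leaves its cached PMKID in place, and wpa_drv_flush_pmkid() clears the whole PMKID list in the driver rather than only the entries for `ssid`. The debug text says only the driver list is flushed, so any cache entries wpa_supplicant itself holds for this network are not touched by these lines. Consider dropping the entries that belong to `ssid` whether or not it is the current network, and leaving other networks' entries alone.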

The PMKSA cache entry needs to be deleted whenever the matching PMK is
lost. However, I do not think that that is currently happening here. Nor
would this be enough with drivers that use wpa_supplicant to generate
the RSN IE.

Assuming we can agree on when a PMKSA is removed, the proper fix would
be to do this through the PMKSA cache data within wpa_supplicant, i.e.,
remove an entry from there and make sure the remove_pmkid() and/or
flush_pmkid() callback will be called for drivers that need them.

When a network is removed (or its password/identity changed),
src/rsn_supp/pmksa_cache.c would need to be notified with a new function
that takes in a void *network_ctx (pointer to wpa_ssid) so that all the
entries in the internal PMKSA cache for that network are dropped. This
should take care of the driver-based PMKID table, too, with a call to
wpa_sm_remove_pmkid(). This does not seem to be currently done in all
cases, so there may be additional places where this needs to be added
prior to calling pmksa_cache_free_entry().

Jouni Malinen                                            PGP id EFC895FA
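
The per-network flush described above, as an added example that is not part of the original message and is not wpa_supplicant code: a simplified cache model in which dropping one network's entries also notifies the driver for each PMKID removed. The structures and the names `pmksa_flush_network()`, `pmksa_add()` and `drv_remove_stub()` are hypothetical, and the PMKID values are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of a PMKSA cache; not the wpa_supplicant structures. */
struct pmksa_entry {
    struct pmksa_entry *next;
    unsigned char pmkid[16];
    void *network_ctx;          /* network profile this entry belongs to */
};
struct pmksa_cache {
    struct pmksa_entry *head;
    void (*remove_pmkid)(void *drv_ctx, const unsigned char *pmkid);
    void *drv_ctx;
};
/* Constructed driver stub: counts the PMKID removals it is told about. */
void drv_remove_stub(void *drv_ctx, const unsigned char *pmkid)
{
    *(int *) drv_ctx += (pmkid != NULL);
}
/* Hypothetical helper: cache an entry with a constructed PMKID. */
int pmksa_add(struct pmksa_cache *c, void *network_ctx, unsigned char tag)
{
    struct pmksa_entry *e = calloc(1, sizeof(*e));
    if (e == NULL)
        return -1;
    memset(e->pmkid, tag, sizeof(e->pmkid));
    e->network_ctx = network_ctx;
    e->next = c->head;
    c->head = e;
    return 0;
}

/* Drop every entry bound to network_ctx and tell the driver about each. */
int pmksa_flush_network(struct pmksa_cache *c, void *network_ctx)
{
    struct pmksa_entry **pp = &c->head, *e;
    int removed = 0;
    while ((e = *pp) != NULL) {
        if (e->network_ctx != network_ctx) {
            pp = &e->next;      /* other network: keep its entry */
            continue;
        }
        *pp = e->next;          /* unlink first, then notify and free */
        if (c->remove_pmkid != NULL)
            c->remove_pmkid(c->drv_ctx, e->pmkid);
        free(e);
        removed++;
    }
    return removed;
}
```

Calling `pmksa_flush_network()` from both the remove-network path and the password/identity-change path keeps entries for other networks intact while the driver table stays in step with the internal cache.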
