[PATCH] hostap: send the driver the new gtk after mic failure

Jouni Malinen j
Sun Oct 30 13:22:07 PDT 2011

On Tue, Aug 09, 2011 at 10:42:04AM +0300, Yoni Divinsky wrote:
> The GTK is renewed in the hostapd after a MIC attack 
> dissassociation without informing the driver, 
> causing decryption failures. 
> This patch sends the new gtk to the driver after it
> is updated by the hostapd.

Thanks! Applied with some changes.

> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> @@ -2466,6 +2466,9 @@ void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth)
>  #endif /* CONFIG_IEEE80211W */
>  		wpa_gtk_update(wpa_auth, group);
>  	}
> +	/* Send the Key to the device */
> +	wpa_group_setkeysdone (wpa_auth,wpa_auth->group);

I changes this to call wpa_group_config_group_keys() directly in order
not to make this look like a state machine transition. In addition, it
is probably better to update both GTK keys, so I moved this to be within
the loop.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list