[RFC PATCH] pmksa: don't evict active entry when adding new ones
Jouni Malinen
j
Fri Aug 10 08:11:36 PDT 2012
On Mon, Aug 06, 2012 at 11:30:02AM -0500, Dan Williams wrote:
> If the PMKSA cache is full (ie, 32 candidates have been seen in scan
> results and have not yet expired) then any additional entries can
> potentially evict the current/active entry (if it is the first entry),
> which triggers a pointless local deauthentication. The supplicant
> shouldn't replace the current/active entry if it is still valid, but
> instead the oldest entry that is *not* the current/active one.
Agreed.
> Does this patch look correct? I haven't runtime tested it yet, but
> that's in the process of being done. Somebody double-check my
> linked-list logic, please :)
List handling was fine, but this patch is not enough on its own since
sm->cur_pmksa may be NULL and the check here for an active entry could
have failed. I applied this and then another commit that updates
sm->cur_pmksa when adding the initial SA entry. This seemed to address
the issue.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list