hostapd: RSN 4-way handshake issue with Cisco WET200 client

Helmut Schaa helmut.schaa
Mon Jan 23 04:57:39 PST 2012


Hi,

On Sun, Jan 22, 2012 at 11:26 AM, Jouni Malinen <j at w1.fi> wrote:
> It looks like we need to do that, taking into account that this issue has
> apparently been reported with a number of deployed devices. I would have
> preferred not doing this, but well, since lack of the validation should
> not open security issues, I committed the following change as a
> workaround for interoperability issues. Could you please confirm that it
> resolves the issue with the station device you tested with?

I've just tested your patch with the affected device, works like a charm!
Thanks.

Felix, you might want to add Jouni's patch to the openwrt tree?

Helmut

> commit 74590e710f65134522b9a654609ac38d0ce54852
> Author: Jouni Malinen <j at w1.fi>
> Date:   Sun Jan 22 12:23:28 2012 +0200
>
>     Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
>
>     Some deployed station implementations seem to send msg 4/4 with
>     incorrect type value in WPA2 mode. Add a workaround to ignore that issue
>     so that such stations can interoperate with hostapd authenticator. The
>     validation checks were added in commit
>     f8e96eb6fd960a017793942cff0eb43b09f444c6.
>
>     Signed-hostap: Jouni Malinen <j at w1.fi>
>
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> index 9da5609..c4d77bf 100644
> --- a/src/ap/wpa_auth.c
> +++ b/src/ap/wpa_auth.c
> @@ -795,7 +795,14 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
> ? ? ? ?}
>
> ? ? ? ?if (sm->wpa == WPA_VERSION_WPA2) {
> - ? ? ? ? ? ? ? if (key->type != EAPOL_KEY_TYPE_RSN) {
> + ? ? ? ? ? ? ? if (key->type == EAPOL_KEY_TYPE_WPA) {
> + ? ? ? ? ? ? ? ? ? ? ? /*
> + ? ? ? ? ? ? ? ? ? ? ? ?* Some deployed station implementations seem to send
> + ? ? ? ? ? ? ? ? ? ? ? ?* msg 4/4 with incorrect type value in WPA2 mode.
> + ? ? ? ? ? ? ? ? ? ? ? ?*/
> + ? ? ? ? ? ? ? ? ? ? ? wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?"with unexpected WPA type in RSN mode");
> + ? ? ? ? ? ? ? } else if (key->type != EAPOL_KEY_TYPE_RSN) {
> ? ? ? ? ? ? ? ? ? ? ? ?wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? "unexpected type %d in RSN mode",
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? key->type);
>
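
Review bot: The new key->type == EAPOL_KEY_TYPE_WPA branch relaxes the type check for every EAPOL-Key frame that reaches this point in WPA2 mode, while the code comment and the commit message both describe the problem only for msg 4/4. Nothing in the visible lines limits the exception to that message, so either restrict the branch to msg 4/4 or reword the comment to say the descriptor type is accepted for all messages, so the scope is not misread later. The workaround wpa_printf() is also emitted only at MSG_DEBUG and carries no station identity, which makes it hard to tell from logs which clients depend on the relaxed check; including the station address in that message would help.
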
> --
> Jouni Malinen                                            PGP id EFC895FA