[PATCH] fix endless loop in PTKCALCNEGOTIATING (was: Endless loop in hostapd trunk SHA implementation)

michael-dev michael-dev
Fri Jul 6 15:29:14 PDT 2012


Hi,

On 06.06.2012 14:10, Jouni Malinen wrote:
> On Tue, May 29, 2012 at 11:09:53PM +0200, michael-dev wrote:
>> I'm using OpenWRT trunk on a P1020WLAN (MPC85xx) SMP PPC32 system,
>> which uses the 2012-04-28 snapshot of hostapd with some patches [1].
>> Sometimes, the hostapd hangs in an infinite loop and all backtraces I
>> got look similar (sometimes it is in SHA1Final)
>
> Do you have any particular reason to believe that the loop is indeed
> within the SHA-1 implementation? I would find it more likely that upper
> layer operations using SHA-1 are being executed in a loop.

You're right, it is not. This is actually an infinite loop in 
PTKCALCNEGOTIATING, which does not terminate, as get_psk never 
returns NULL.

This is due to the patch for wpa-psk radius support, which changes 
hostapd_wpa_auth_get_psk to always return the radius supplied psk 
(if set) and ignores the prev_psk parameter for iteration. Attached 
is a patch that fixes this by virtually appending the radius supplied 
psk to the list iterated by hostapd_get_psk and thus returning NULL when 
prev_psk == sta->psk (radius).

Signed-hostap: M. Braun <michael-dev at fami-braun.de>

Regards,
  M. Braun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-endless-loop.diff
Type: text/x-c
Size: 875 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20120707/50ec7097/attachment.bin 
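
The iterator contract described in the message above, as an added example (not the attached patch and not hostapd code): a getter that ignores prev_psk never signals end-of-list, while treating the RADIUS PSK as the last list element does. The names cfg_psks, cfg_next, get_psk_buggy, get_psk_fixed and try_all_psks are hypothetical, and the caller is a simplified model in which no candidate PSK is accepted.

```c
#include <stdio.h>

/* Constructed sample data: two configured PSKs; all names are hypothetical. */
static const char *cfg_psks[] = { "cfg-psk-0", "cfg-psk-1" };
#define N_CFG (sizeof(cfg_psks) / sizeof(cfg_psks[0]))
struct sta { const char *radius_psk; };  /* stand-in for sta->psk (radius) */
typedef const char *(*get_psk_fn)(const struct sta *sta, const char *prev);
/* Iterator contract: prev == NULL starts the list, a NULL result ends it. */
static const char *cfg_next(const char *prev)
{
    if (prev == NULL)
        return cfg_psks[0];
    for (size_t i = 0; i + 1 < N_CFG; i++)
        if (cfg_psks[i] == prev)
            return cfg_psks[i + 1];
    return NULL;
}

/* Behaviour described in the message: prev is ignored, NULL never comes back. */
static const char *get_psk_buggy(const struct sta *sta, const char *prev)
{
    return sta->radius_psk ? sta->radius_psk : cfg_next(prev);
}

/* Fix as described: the RADIUS PSK is treated as the list's last element. */
static const char *get_psk_fixed(const struct sta *sta, const char *prev)
{
    const char *psk = cfg_next(prev);
    if (sta->radius_psk && prev == sta->radius_psk)
        return NULL;
    return psk ? psk : sta->radius_psk;
}

/* Modelled caller: tries every PSK; -1 means the demo-only cap was hit. */
static int try_all_psks(get_psk_fn get_psk, const struct sta *sta, int max_iter)
{
    const char *psk = NULL;
    int tried = 0;
    while ((psk = get_psk(sta, psk)) != NULL)
        if (++tried >= max_iter)
            return -1;
    return tried;
}

int main(void)
{
    struct sta s = { "radius-psk" };
    printf("buggy=%d fixed=%d\n", try_all_psks(get_psk_buggy, &s, 1000),
           try_all_psks(get_psk_fixed, &s, 1000));
    return 0;
}
```

A return of -1 stands for the hang reported in the thread: without the iteration cap, which exists only in this model, the loop would never exit.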