How are multiple clients handled in hostapd?

Jouni Malinen j
Mon Aug 11 13:38:00 PDT 2014


On Mon, Aug 11, 2014 at 11:27:23AM +0300, khali singh wrote:
> I use global variables at the top of the .C file containing my new EAP
> method. Is it possible that two connecting clients can write to each others
> data?

Yes. I would strongly discourage such design.

> For example the C file contains a variable called as a global variable
> u8 sessid[17];
> 
> Can two simultaneous clients cause a problem?

Yes. There is a reason why every EAP method implementation in hostap.git
uses struct eap_*_data for per-session data. There can be multiple
concurrent instances of an EAP server method. While there is only a
single thread running, that won't protect against this type of use of
global variables with multiple users being able to try to authenticate
at the same time.

That said, it should be noted that the EAP server methods do not have
support for fast session resumption in a similar way to the EAP peer
methods since they do not maintain any internal state between EAP
sessions. The existing examples use either the TLS library to do this
(EAP-TTLS/PEAP/TLS) or a separate component (EAP-SIM/AKA/AKA' and
eap_sim_db). The latter would likely be closer to what you are
describing here.

-- 
Jouni Malinen                                            PGP id EFC895FA
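
The interleaving described in the reply above, as an added example that is not part of the original message and is not hostapd code: two clients authenticate on one thread, first with the file-scope `sessid` from the question and then with per-session state. `struct eap_demo_data`, the function names and the session id strings are hypothetical and constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char u8;

static u8 sessid[17];                    /* pattern from the question: shared by all clients */

struct eap_demo_data { u8 sessid[17]; }; /* hypothetical per-session state */

/* First message of an exchange: store this client's session id. */
static void global_start(const char *id) {
    snprintf((char *) sessid, sizeof(sessid), "%s", id);
}
static struct eap_demo_data *session_start(const char *id) {
    struct eap_demo_data *data = calloc(1, sizeof(*data));
    if (data)
        snprintf((char *) data->sessid, sizeof(data->sessid), "%s", id);
    return data;
}

/* Later message: is the stored id still the one this client started with? */
static int global_finish(const char *id) {
    return strcmp((const char *) sessid, id) == 0;
}
static int session_finish(const struct eap_demo_data *data, const char *id) {
    return strcmp((const char *) data->sessid, id) == 0;
}

/* One thread, two clients: A starts, B starts, then A's next message arrives. */
int client_a_ok_with_global(void) {
    global_start("client-A-session");
    global_start("client-B-session");    /* overwrites A's id */
    return global_finish("client-A-session");
}
int client_a_ok_with_per_session(void) {
    struct eap_demo_data *a = session_start("client-A-session");
    struct eap_demo_data *b = session_start("client-B-session");
    int ok = a && b && session_finish(a, "client-A-session");
    free(a);
    free(b);
    return ok;
}

int main(void) {
    printf("global: A sees own id = %d\n", client_a_ok_with_global());
    printf("per-session: A sees own id = %d\n", client_a_ok_with_per_session());
    return 0;
}
```

No second thread is involved: the overwrite happens because client B's first message is handled between two of client A's messages.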


