[PATCH] mesh: Add for_each_sta implementation in wpa_auth_callbacks

Jouni Malinen j at w1.fi
Sat Dec 2 10:59:58 PST 2023

On Fri, Dec 01, 2023 at 04:14:11PM +0100, Remi Pommarel wrote:
> The wpa_auth_callbacks for mesh was missing a for_each_sta
> implementation. This is an issue with pmksa cache, as when a cache entry
> expires the for_each_sta callback is called in order to clear the pmksa
> reference for all sta that was using this entry. Not having a
> for_each_sta callback will prevent this cleanup to happen then a sta
> could still use this pmksa entry even after it has been freed.
> This used after free was not a problem up until recently where dpp_pkhash
> is now stored in pmksa entry and retreived later on causing crash with
> below backtrace:
>   _wpa_snprintf_hex                        src/utils/common.c:326
>   wpa_snprintf_hex                         src/utils/common.c:348
>   hostapd_ctrl_iface_sta_mib               src/ap/ctrl_iface_ap.c:542
>   hostapd_ctrl_iface_sta_mib               src/ap/ctrl_iface_ap.c:542
>   hostapd_ctrl_iface_sta_mib               src/ap/ctrl_iface_ap.c:600
>   hostapd_ctrl_iface_sta                   src/ap/ctrl_iface_ap.c:615
>   wpa_supplicant_ctrl_iface_process        src/wpa_supplicant/ctrl_iface.c:12741
>   wpa_supplicant_global_ctrl_iface_receive src/wpa_supplicant/ctrl_iface_unix.c:1141
>   eloop_sock_table_dispatch                src/utils/eloop.c:625
>   eloop_run                                src/utils/eloop.c:1238
>   wpa_supplicant_run                       src/wpa_supplicant/wpa_supplicant.c:8021
>   main                                     src/wpa_supplicant/main.c:393
> Adding a for_each_sta callbacks fixes that.

Thanks, applied.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list