[openwrt/openwrt] hostapd: fix sta psk index for dynamic psk auth
LEDE Commits
lede-commits at lists.infradead.org
Wed Feb 12 03:00:57 PST 2025
nbd pushed a commit to openwrt/openwrt.git, branch openwrt-24.10:
https://git.openwrt.org/cb4d2b3fb2a85bcd2aa49c4d11732e5b55e458c5
commit cb4d2b3fb2a85bcd2aa49c4d11732e5b55e458c5
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Wed Feb 12 11:54:59 2025 +0100
hostapd: fix sta psk index for dynamic psk auth
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd at nbd.name>
(cherry picked from commit 8118b2dace06de839e1e23f018059995f4af5e11)
---
.../services/hostapd/patches/601-ucode_support.patch | 15 +++++++++++----
.../network/services/hostapd/patches/730-ft_iface.patch | 2 +-
.../hostapd/patches/803-hostapd-fix-80211be-build.patch | 2 +-
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/package/network/services/hostapd/patches/601-ucode_support.patch b/package/network/services/hostapd/patches/601-ucode_support.patch
index 5a88687cf2..13fd2b1b51 100644
--- a/package/network/services/hostapd/patches/601-ucode_support.patch
+++ b/package/network/services/hostapd/patches/601-ucode_support.patch
@@ -816,7 +816,7 @@ as adding/removing interfaces.
if (vlan_id)
*vlan_id = 0;
if (psk_len)
-@@ -446,13 +447,16 @@ static const u8 * hostapd_wpa_auth_get_p
+@@ -446,13 +447,18 @@ static const u8 * hostapd_wpa_auth_get_p
* returned psk which should not be returned again.
* logic list (all hostapd_get_psk; all sta->psk)
*/
@@ -830,16 +830,23 @@ as adding/removing interfaces.
*vlan_id = 0;
psk = sta->psk->psk;
- for (pos = sta->psk; pos; pos = pos->next) {
++ if (vlan_id)
++ sta->psk_idx = psk_idx;
+ for (pos = sta->psk; pos; pos = pos->next, psk_idx++) {
if (pos->is_passphrase) {
if (pbkdf2_sha1(pos->passphrase,
hapd->conf->ssid.ssid,
-@@ -469,6 +473,8 @@ static const u8 * hostapd_wpa_auth_get_p
+@@ -466,9 +472,13 @@ static const u8 * hostapd_wpa_auth_get_p
+ }
+ if (pos->psk == prev_psk) {
+ psk = pos->next ? pos->next->psk : NULL;
++ if (vlan_id)
++ sta->psk_idx = psk_idx + 1;
break;
}
}
-+ if (psk)
-+ sta->psk_idx = psk_idx;
++ if (vlan_id && !psk)
++ sta->psk_idx = 0;
}
return psk;
}
diff --git a/package/network/services/hostapd/patches/730-ft_iface.patch b/package/network/services/hostapd/patches/730-ft_iface.patch
index ac7d3abd78..f021f1f99b 100644
--- a/package/network/services/hostapd/patches/730-ft_iface.patch
+++ b/package/network/services/hostapd/patches/730-ft_iface.patch
@@ -29,7 +29,7 @@ a VLAN interface on top of the bridge, instead of using the bridge directly
int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -1821,8 +1821,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1825,8 +1825,12 @@ int hostapd_setup_wpa(struct hostapd_dat
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
const char *ft_iface;
diff --git a/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch b/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch
index f197b71bd7..cbd6298d9d 100644
--- a/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch
+++ b/package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch
@@ -25,7 +25,7 @@
+
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
-@@ -409,23 +409,8 @@ int ap_sta_re_add(struct hostapd_data *h
+@@ -408,23 +408,8 @@ int ap_sta_re_add(struct hostapd_data *h
void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta);
More information about the lede-commits
mailing list