[PATCH] fix infinite loop in wpa_auth state machine

michael-dev
Mon Mar 25 10:41:09 PDT 2013


When the OS is out of random bytes in SM_STATE(WPA_PTK, 
AUTHENTICATION2) in ap/wpa_auth.c, hostapd sends the sm to state 
DISCONNECT without clearing ReAuthenticationRequest, resulting in an 
infinite loop. Clearing sm->ReAuthenticationRequest using gdb fixes the 
running hostapd instance for me. Also sm->Disconnect=true should be used 
instead of wpa_sta_disconnect to make sure that the incomplete ANonce 
does not get used.

Please find a patch attached that fixes this issue by resetting 
sm->ReAuthenticationRequest even if the sta gets disconnected and uses 
sm->Disconnect instead of wpa_sta_disconnect.

  M. Braun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd-fix-infinite-loop.diff
Type: text/x-c
Size: 1278 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20130325/eba84359/attachment.bin 
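
A simplified model of the loop described in this message, added here as an example; it is not hostapd code and not the attached patch. The struct, enter_authentication2(), run_sm(), the step cap and the transition order (Disconnect checked before ReAuthenticationRequest) are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model: only the fields named in the message, not hostapd's real struct. */
enum ptk_state { AUTHENTICATION2, DISCONNECT, DISCONNECTED };
struct sm {
    enum ptk_state state;
    bool ReAuthenticationRequest;
    bool Disconnect;
};

/* Entry action for AUTHENTICATION2. rng_ok == false models the OS being
 * out of random bytes, so no ANonce can be generated. */
static void enter_authentication2(struct sm *sm, bool rng_ok, bool patched)
{
    sm->state = AUTHENTICATION2;
    if (patched)
        sm->ReAuthenticationRequest = false; /* cleared on every path */
    if (!rng_ok) {
        if (patched)
            sm->Disconnect = true;   /* state machine drops the station */
        else
            sm->state = DISCONNECT;  /* early exit, request flag still set */
        return;
    }
    sm->ReAuthenticationRequest = false;     /* normal path */
}

/* Steps the model until no transition fires. Returns the number of
 * transitions taken, or -1 if it has not settled after max_steps. */
int run_sm(bool rng_ok, bool patched, int max_steps)
{
    struct sm sm = { DISCONNECT, true, false };
    for (int steps = 0; steps < max_steps; steps++) {
        if (sm.Disconnect) {                 /* assumed to take priority */
            sm.Disconnect = false;
            sm.state = DISCONNECTED;
        } else if (sm.ReAuthenticationRequest) {
            enter_authentication2(&sm, rng_ok, patched);
        } else {
            return steps;                    /* stable: nothing left to do */
        }
    }
    return -1;                               /* never settles: the loop */
}

int main(void)
{
    printf("RNG failure, unpatched: %d\n", run_sm(false, false, 1000));
    printf("RNG failure, patched:   %d\n", run_sm(false, true, 1000));
    return 0;
}
```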