[PATCH] mesh: Add for_each_sta implementation in wpa_auth_callbacks
Jouni Malinen
j at w1.fi
Sat Dec 2 10:59:58 PST 2023
On Fri, Dec 01, 2023 at 04:14:11PM +0100, Remi Pommarel wrote:
> The wpa_auth_callbacks for mesh was missing a for_each_sta
> implementation. This is an issue with pmksa cache, as when a cache entry
> expires the for_each_sta callback is called in order to clear the pmksa
> reference for all sta that was using this entry. Not having a
> for_each_sta callback will prevent this cleanup to happen then a sta
> could still use this pmksa entry even after it has been freed.
>
> This used after free was not a problem up until recently where dpp_pkhash
> is now stored in pmksa entry and retreived later on causing crash with
> below backtrace:
>
> _wpa_snprintf_hex src/utils/common.c:326
> wpa_snprintf_hex src/utils/common.c:348
> hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:542
> hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:542
> hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:600
> hostapd_ctrl_iface_sta src/ap/ctrl_iface_ap.c:615
> wpa_supplicant_ctrl_iface_process src/wpa_supplicant/ctrl_iface.c:12741
> wpa_supplicant_global_ctrl_iface_receive src/wpa_supplicant/ctrl_iface_unix.c:1141
> eloop_sock_table_dispatch src/utils/eloop.c:625
> eloop_run src/utils/eloop.c:1238
> wpa_supplicant_run src/wpa_supplicant/wpa_supplicant.c:8021
> main src/wpa_supplicant/main.c:393
>
> Adding a for_each_sta callbacks fixes that.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list