diff options
Diffstat (limited to 'package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch')
| -rw-r--r-- | package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch b/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch deleted file mode 100644 index 0a3c27f89e..0000000000 --- a/package/network/services/hostapd/patches/003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Jouni Malinen <j@w1.fi> -Date: Sat, 14 Jan 2017 13:56:18 +0200 -Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX - -When wpa_supplicant was processing a received Authentication frame (seq -1) from a peer STA for which there was already a TK configured to the -driver, debug log claimed that the PTK gets cleared, but the actual -call to clear the key was actually dropped due to AUTH vs. SUPP set_key -selection. Fix this by explicitly clearing the TK in case it was set -and an Authentication frame (seq 1) is received. - -This fixes some cases where EAPOL-Key frames were sent encrypted using -the old key when a peer STA restarted itself and lost the key and had to -re-join the IBSS. Previously, that state required timing out the 4-way -handshake and Deauthentication frame exchange to recover. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - ---- a/wpa_supplicant/ibss_rsn.c -+++ b/wpa_supplicant/ibss_rsn.c -@@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2( - MAC2STR(addr)); - - if (peer && -+ peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP | -+ IBSS_RSN_SET_PTK_AUTH)) { -+ /* Clear the TK for this pair to allow recovery from the case -+ * where the peer STA has restarted and lost its key while we -+ * still have a pairwise key configured. */ -+ wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer " -+ MACSTR, MAC2STR(addr)); -+ wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0, -+ NULL, 0, NULL, 0); -+ } -+ -+ if (peer && - peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) { - if (peer->own_auth_tx.sec) { - struct os_reltime now, diff; |