hostapd: backport a few upstream fixes
[openwrt/openwrt.git] / package / network / services / hostapd / patches / 003-RSN-IBSS-Fix-TK-clearing-on-Authentication-frame-RX.patch
1 From: Jouni Malinen <j@w1.fi>
2 Date: Sat, 14 Jan 2017 13:56:18 +0200
3 Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX
4
5 When wpa_supplicant was processing a received Authentication frame (seq
6 1) from a peer STA for which there was already a TK configured to the
7 driver, debug log claimed that the PTK gets cleared, but the actual
8 call to clear the key was actually dropped due to AUTH vs. SUPP set_key
9 selection. Fix this by explicitly clearing the TK in case it was set
10 and an Authentication frame (seq 1) is received.
11
12 This fixes some cases where EAPOL-Key frames were sent encrypted using
13 the old key when a peer STA restarted itself and lost the key and had to
14 re-join the IBSS. Previously, that state required timing out the 4-way
15 handshake and Deauthentication frame exchange to recover.
16
17 Signed-off-by: Jouni Malinen <j@w1.fi>
18 ---
19
20 --- a/wpa_supplicant/ibss_rsn.c
21 +++ b/wpa_supplicant/ibss_rsn.c
22 @@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2(
23 MAC2STR(addr));
24
25 if (peer &&
26 + peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
27 + IBSS_RSN_SET_PTK_AUTH)) {
28 + /* Clear the TK for this pair to allow recovery from the case
29 + * where the peer STA has restarted and lost its key while we
30 + * still have a pairwise key configured. */
31 + wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
32 + MACSTR, MAC2STR(addr));
33 + wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
34 + NULL, 0, NULL, 0);
35 + }
36 +
37 + if (peer &&
38 peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
39 if (peer->own_auth_tx.sec) {
40 struct os_reltime now, diff;