Hostapd Preauthentication Segfault

Simi Winiker simi at winiker.ch
Fri Aug 6 09:47:20 EDT 2004


Hello all,

I tried to use 802.11i RSN with EAP-TLS and pre-authentication, but
hostapd segfaults after successful pre-auth. I used the CVS version as well
as 0.2.3 and 0.2.4, always the same error.

I have the following setup:
2 APs with hostapd and station firmware 1.7.4
One laptop associating and authenticating to one of those APs, then doing
pre-auth on the other one.

Wpa_supplicant reports success on the pre-auth, and also updates the PMKSA
cache.

The segmentation fault is always reproducible if the hostapd on the AP
is started after the client. I appended the debugging output of hostapd.

I also tried to isolate in the code what causes the segfault, and it
seems that it happens in the rsn_preauth_finished function in wpa.c:


void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
                          int success)
{
        u8 *key;
        size_t len;
        hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA,
                       HOSTAPD_LEVEL_INFO, "pre-authentication %s",
                       success ? "succeeded" : "failed");

        key = ieee802_1x_get_key_crypt(sta->eapol_sm, &len);
        if (success && key) {
                pmksa_cache_add(hapd, sta, key,dot11RSNAConfigPMKLifetime);
        }

        ap_free_sta(hapd, sta);  /* <----- this line */
}


By commenting this line out, the segfault disappears, and
preauthentication seems to proceed as expected. But can someone please
explain how a handover can be triggered manually for further testing of
the preauthentication?

Thx

Simi



-------------- next part --------------
A non-text attachment was scrubbed...
Name: preauth_segfault_bruce.log
Type: application/octet-stream
Size: 10793 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20040806/8039846b/attachment.obj 

