Hostapd Preauthentication Segfault

Jouni Malinen jkmaline at cc.hut.fi
Sun Aug 29 18:13:04 EDT 2004


On Fri, Aug 06, 2004 at 03:47:20PM +0200, Simi Winiker wrote:

> I tried to use 802.11i RSN with EAP-TLS and pre-authentication, but
> hostapd segfaults after successful pre-auth. I used the CVS version as well
> as 0.2.3 and 0.2.4, always the same error.

> I also tried to isolate in the code what causes the segfault, and it
> seems that it happens in the rsn_preauth_finished function in wpa.c:

> void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
>                           int success)
> {

> ----->  ap_free_sta(hapd, sta);
> }

> By commenting this line out, the segfault disappears, and
> preauthentication seems to proceed as expected.

This line was indeed triggering the segfault. However, commenting it out
is not the correct fix for this; the STA entry is supposed to be removed
at this point.

The EAPOL state machine was running at this point and it was not prepared
for the STA entry disappearing while the eapol_sm_step() function continued
running. I added workaround code for the state machine to abort if the
STA entry is removed. This removed the segfault at the end of the
pre-authentication.

-- 
Jouni Malinen                                            PGP id EFC895FA
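
The failure mode described in the reply above (an entry freed by a callback while the state machine step is still running) and an abort-on-removal guard, as an added C sketch that is not hostapd's code. `struct sta`, `table`, `sta_add`, `sta_get`, `preauth_finished` and `sm_step` are hypothetical names, and re-checking the entry by a saved address is an assumed way to detect the removal.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_STA 4
struct sta { unsigned char addr[6]; int state; int preauth; };
static struct sta *table[MAX_STA];      /* toy station table (hypothetical) */

static struct sta *sta_add(const unsigned char *addr, int preauth)
{
    int i = 0;
    while (i < MAX_STA && table[i]) i++;            /* first free slot */
    if (i == MAX_STA || !(table[i] = calloc(1, sizeof(struct sta)))) return NULL;
    memcpy(table[i]->addr, addr, 6);
    table[i]->preauth = preauth;
    return table[i];
}
static struct sta *sta_get(const unsigned char *addr)
{
    for (int i = 0; i < MAX_STA; i++)
        if (table[i] && !memcmp(table[i]->addr, addr, 6)) return table[i];
    return NULL;
}
/* Stand-in for the "pre-auth finished" handler: removes and frees the entry. */
static void preauth_finished(struct sta *s)
{
    for (int i = 0; i < MAX_STA; i++)
        if (table[i] == s) table[i] = NULL;
    free(s);
}

/* One run of the state machine. Returns 1 if the entry is still valid,
 * 0 if it was removed mid-step and the run was aborted. */
static int sm_step(struct sta *s)
{
    unsigned char addr[6];
    memcpy(addr, s->addr, 6);             /* save the key before any callback */
    for (;;) {
        if (s->state == 2 && s->preauth)
            preauth_finished(s);          /* may free s */
        if (!sta_get(addr)) return 0;     /* entry gone: abort, never touch s */
        if (s->state == 3) return 1;
        s->state++;
    }
}

int main(void)
{
    unsigned char a[6] = {2, 0, 0, 0, 0, 1};   /* constructed address */
    struct sta *s = sta_add(a, 1);
    return s ? sm_step(s) : 1;                  /* exit 0: aborted cleanly */
}
```

Without the `sta_get(addr)` check, the loop would read `s->state` from freed memory on the iteration after the callback, which is the same class of fault as the reported segfault.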


