Hostapd Preauthentication Segfault
jkmaline at cc.hut.fi
Sun Aug 29 18:13:04 EDT 2004
On Fri, Aug 06, 2004 at 03:47:20PM +0200, Simi Winiker wrote:
> I tried to use 802.11i RSN with EAP-TLS and pre-authentication, but
> hostapd segfaults after succesful pre-auth. I used the CVS version as well
> as 0.2.3 and 0.2.4, always the same error.
> I also tried to isolate the in the code, what causes the segfault, and it
> seems, that the it happens in the rsn_preauth_finished function in wpa.c:
> void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta,
> int success)
> -----> ap_free_sta(hapd, sta);
> By commenting this line out, the segfault disappears, and
> preauthentication seems to proceed as expected.
This line was indeed triggering the segfault. However, commenting it out
is not the correct fix for this; the STA entry is supposed to be removed
at this point.
EAPOL state machine was running at this point and it was not prepared
for STA entry disappearing while eapol_sm_step() function continued
running. I added a workaround code for the state machine to abort if the
STA entry is removed. This removed the segfault in end of the
Jouni Malinen PGP id EFC895FA
More information about the HostAP