wap_supplicant only gets to "Sending EAPOL-Key 2/4"
jkmaline at cc.hut.fi
Sun Sep 12 14:40:06 EDT 2004
On Sun, Sep 12, 2004 at 01:19:58PM -0400, Matt McHenry wrote:
> I'm using ndiswrapper 0.10 to load the driver provided on the
> installation CD (bcmw15.[inf|sys]).
> WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02
> 01 00 00
> 50 f2 02 01 00 00 50 f2 02
> Wireless event: cmd=0x8c02 len=159
> Custom wireless event:
That ReqIEs string looks truncated. The last information element,
dd160050f20101000050f2, has only 9 bytes of data (0050..f2) even though
its length field indicates that there should be 22 bytes. In other
words, it looks like the driver (NDIS or ndiswrapper) has truncated the
data. Based on this, I would direct this to ndiswrapper mailing lists.
However, thanks for reporting this here, since this also showed a bug in
wpa_supplicant: it should reject that kind of ReqIEs report and complain
loadly about it.
This truncated WPA IE ended up in wpa_supplicant using corrupted WPA IE
in the msg 2/4. WPA APs are supposed to drop that kind of packets and
are likely to deauthenticate the STA.
Jouni Malinen PGP id EFC895FA
More information about the HostAP