wpa_supplicant disconnect bug

Jouni Malinen jkmaline at cc.hut.fi
Sat Aug 26 21:42:33 EDT 2006


On Thu, Aug 17, 2006 at 10:01:02PM -0700, Chris Zimmermann wrote:

> In wpa_supplicant version 0.5.4,
> 	the file events.c,
> 	the function wpa_supplicant_event_disassoc()
>
> 	wpa_supplicant_mark_disassoc(wpa_s);
>
> 		wpa_clear_keys(wpa_s, wpa_s->bssid);
>
> However, the function, wpa_supplicant_mark_disassoc() ends up setting
> the field wpa_s->bssid to all zeros (00:00:00:00:00:00).  When you
> call wpa_clear_keys() after this, the PTK is not really cleared.
> This leads to the inability to renegotiate WPA PTK, because the
> message 2/4 will go out encrypted and the authenticator will never
> get the message.

Thanks for reporting this. Many drivers don't care about this, but this
is indeed incorrect behavior.

> Changing the call to use a cached version of the BSSID held by  
> wpa_supplicant_event_disassoc() corrects this issue.

Yes, but an even simpler fix is to just move
wpa_supplicant_mark_disassoc() to be called after wpa_clear_keys(). This
is now in the development branch.

-- 
Jouni Malinen                                            PGP id EFC895FA
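The ordering defect discussed in this thread, as an added illustration that is not wpa_supplicant code: a constructed model in which `mark_disassoc()` zeroes the BSSID and `clear_keys()` only removes a key bound to the BSSID it is handed, so the 0.5.4 call order leaves the stale PTK installed while the swapped order clears it (struct `sup_state`, `ptk_survives_*` and the sample AP address are all assumptions for this example).

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the supplicant state involved; not the real struct wpa_supplicant. */
struct sup_state {
    uint8_t bssid[6];       /* current AP; mark_disassoc() zeroes it */
    uint8_t key_bssid[6];   /* BSSID the installed PTK is bound to */
    int ptk_installed;      /* what the driver would still hold */
};

/* Model of wpa_supplicant_mark_disassoc(): forget the current AP. */
static void mark_disassoc(struct sup_state *s) {
    memset(s->bssid, 0, sizeof(s->bssid));
}

/* Model of wpa_clear_keys(): only removes a key bound to the given BSSID,
 * so it does nothing when handed 00:00:00:00:00:00. */
static void clear_keys(struct sup_state *s, const uint8_t *bssid) {
    if (memcmp(s->key_bssid, bssid, sizeof(s->key_bssid)) == 0)
        s->ptk_installed = 0;
}

/* Constructed starting point: associated to one AP with a PTK installed. */
static void fresh_association(struct sup_state *s) {
    static const uint8_t ap[6] = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55};
    memcpy(s->bssid, ap, sizeof(ap));
    memcpy(s->key_bssid, ap, sizeof(ap));
    s->ptk_installed = 1;
}

/* 0.5.4 order from the report: returns 1 if the stale PTK survives. */
int ptk_survives_buggy_order(void) {
    struct sup_state s;
    fresh_association(&s);
    mark_disassoc(&s);
    clear_keys(&s, s.bssid);   /* s.bssid is already all zeros here */
    return s.ptk_installed;
}

/* Order now in the development branch: clear keys, then mark disassoc. */
int ptk_survives_fixed_order(void) {
    struct sup_state s;
    fresh_association(&s);
    clear_keys(&s, s.bssid);
    mark_disassoc(&s);
    return s.ptk_installed;
}
```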