[PATCH] Fix race conditions in the WPA group-key state machine
Jouni Malinen
j at w1.fi
Tue Mar 18 10:58:39 EDT 2008
On Thu, Mar 06, 2008 at 09:18:46AM +0200, Uri Simchoni wrote:
> Working with madwifi driver, we've encountered some rare conditions in
> which clients can't receive WPA-encrypted multicast packets. This has
> become a more serious lately since Windows Vista uses broadcast packets
> for DHCP by default.
>
> After digging into it for a while, we realized that the group-key state
> machine was stuck in the SETKEYS state, meaning that it negotiates a new
> group key, but doesn't activate the key at the driver. Further
> investigation showed that the GNoStations variable got negative.
Thanks for reporting this.
> The supplied patch (against 0.4.10, sorry...) fixes these issues, and
> also remove the reliance on GNoStations, because it looks like a
> not-very-robust way to determine how many stations need to negotiate
> group key (although it's based on the standard...)
I replaced the group key update management with a more robust mechanism
about a month ago (the new version is included in 0.5.10). It uses a bit
different solution when compared to your patch, but I would expect the
end result to be quite similar since GNoStations variable was removed
completely and only the stations that are really active and ready for
group key update are include in the dynamic count.
I haven't ported the patch to 0.4.x branch yet, but I would prefer to
use the same solution in all branches to minimize amount of code to
maintain in the future.
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list