[RFC PATCH] pmksa: don't evict active entry when adding new ones

Jouni Malinen j at w1.fi
Fri Aug 10 11:11:36 EDT 2012

On Mon, Aug 06, 2012 at 11:30:02AM -0500, Dan Williams wrote:
> If the PMKSA cache is full (ie, 32 candidates have been seen in scan
> results and have not yet expired) then any additional entries can
> potentially evict the current/active entry (if it is the first entry),
> which triggers a pointless local deauthentication.  The supplicant
> shouldn't replace the current/active entry if it is still valid, but
> instead the oldest entry that is *not* the current/active one.


> Does this patch look correct?  I haven't runtime tested it yet, but
> that's in the process of being done.  Somebody double-check my
> linked-list logic, please :)

List handling was fine, but this patch is not enough on its own since
sm->cur_pmksa may be NULL and the check here for an active entry could
have failed. I applied this and then another commit that updates
sm->cur_pmksa when adding the initial SA entry. This seemed to address
the issue.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list