hostapd: RSN 4-way handshake issue with Cisco WET200 client

Helmut Schaa helmut.schaa at googlemail.com
Mon Jan 23 07:57:39 EST 2012


Hi,

On Sun, Jan 22, 2012 at 11:26 AM, Jouni Malinen <j at w1.fi> wrote:
> It looks like we need to do that taken into account that this issue has
> apparently been reported with number of deployed devices. I would have
> preferred not doing this, but well, since lack of the validation should
> not open security issues, I committed the following change as a
> workaround for interoperability issues. Could you please confirm that it
> resolves the issue with the station device you tested with?

I've just tested your patch with the affected device, works like a charm!
Thanks.

Felix, you might want to add Jounis patch to the openwrt tree?

Helmut

>  commit 74590e710f65134522b9a654609ac38d0ce54852
>  Author: Jouni Malinen <j at w1.fi>
>  Date:   Sun Jan 22 12:23:28 2012 +0200
>
>    Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
>
>    Some deployed station implementations seem to send msg 4/4 with
>    incorrect type value in WPA2 mode. Add a workaround to ignore that issue
>    so that such stations can interoperate with hostapd authenticator. The
>    validation checks were added in commit
>    f8e96eb6fd960a017793942cff0eb43b09f444c6.
>
>    Signed-hostap: Jouni Malinen <j at w1.fi>
>
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> index 9da5609..c4d77bf 100644
> --- a/src/ap/wpa_auth.c
> +++ b/src/ap/wpa_auth.c
> @@ -795,7 +795,14 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
>        }
>
>        if (sm->wpa == WPA_VERSION_WPA2) {
> -               if (key->type != EAPOL_KEY_TYPE_RSN) {
> +               if (key->type == EAPOL_KEY_TYPE_WPA) {
> +                       /*
> +                        * Some deployed station implementations seem to send
> +                        * msg 4/4 with incorrect type value in WPA2 mode.
> +                        */
> +                       wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
> +                                  "with unexpected WPA type in RSN mode");
> +               } else if (key->type != EAPOL_KEY_TYPE_RSN) {
>                        wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
>                                   "unexpected type %d in RSN mode",
>                                   key->type);
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap


More information about the HostAP mailing list