An issue with supplicant receiving retransmitted M3

Jouni Malinen j at w1.fi
Thu Oct 1 15:46:58 EDT 2015


On Mon, Sep 28, 2015 at 07:06:27AM +0000, Atul Joshi wrote:
> 	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
> 	 * for the next 4-Way Handshake. If msg 3 is received again, the old
> 	 * SNonce will still be used to avoid changing PTK. */
> 
> But in function wpa_supplicant_install_ptk immediately after wpa_sm_set_key
> we see that
> /* TK is not needed anymore in supplicant */
> 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
> 
> This would mean that at step (4) above, the PTK is cleaned and we install it as 0 again in (6).
> I think the PTK should not be cleared.

Thanks for pointing this out. The TK can be cleared here as long as the
extra attempts to configure the same TK to the driver are skipped. This
commit does that:
http://w1.fi/cgit/hostap/commit/?id=ad00d64e7d8827b3cebd665a0ceb08adabf15e1e

-- 
Jouni Malinen                                            PGP id EFC895FA
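
A minimal C model of the behaviour discussed in this thread, added here as an illustration and not taken from hostap or the linked commit: the TK is zeroed after installation, and a retransmitted msg 3/4 skips the driver key configuration instead of installing the zeroed buffer. The struct, the function names, the `tk_to_set` flag and the key bytes are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TK_LEN 16                 /* constructed key size for the model */

struct sm_model {                 /* hypothetical stand-in for the supplicant state */
    uint8_t tk[TK_LEN];           /* temporal key held by the supplicant */
    int tk_to_set;                /* 1 = a freshly derived TK awaits installation */
    uint8_t driver_tk[TK_LEN];    /* key currently configured in the "driver" */
    int driver_installs;          /* how many times a key reached the driver */
};

/* Msg 1/4 handled: a new PTK was derived, so its TK is pending installation. */
static void model_derive_tk(struct sm_model *sm, uint8_t seed)
{
    memset(sm->tk, seed, TK_LEN); /* constructed key bytes, not a real KDF */
    sm->tk_to_set = 1;
}

/* Msg 3/4 handled (first copy or retransmission). Returns 1 if the driver
 * key was configured, 0 if the install was skipped. */
static int model_install_tk(struct sm_model *sm)
{
    if (!sm->tk_to_set)
        return 0;                 /* same TK already installed: leave driver alone */
    memcpy(sm->driver_tk, sm->tk, TK_LEN);
    sm->driver_installs++;
    memset(sm->tk, 0, TK_LEN);    /* TK is not needed anymore in supplicant */
    sm->tk_to_set = 0;
    return 1;
}

/* M1, M3, retransmitted M3: returns 1 if the driver still holds the real TK. */
static int model_retransmitted_m3(void)
{
    struct sm_model sm = {0};
    uint8_t expect[TK_LEN];
    memset(expect, 0xA5, TK_LEN);
    model_derive_tk(&sm, 0xA5);
    model_install_tk(&sm);        /* first msg 3/4 */
    model_install_tk(&sm);        /* retransmitted msg 3/4 */
    return sm.driver_installs == 1 && memcmp(sm.driver_tk, expect, TK_LEN) == 0;
}

int main(void)
{
    printf("driver keeps real TK after retransmitted M3: %d\n", model_retransmitted_m3());
    return 0;
}
```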

