[PATCH] fix infinite loop in wpa_auth state machine

Jouni Malinen j at w1.fi
Sat Mar 30 13:55:33 EDT 2013


On Mon, Mar 25, 2013 at 06:41:09PM +0100, michael-dev wrote:
> when the os is out of random bytes in SM_STATE(WPA_PTK,
> AUTHENTICATION2) in ap/wpa_auth.c, hostapd sends the sm to state
> DISCONNECT without clearing ReAuthenticationRequest, resulting in an
> infinite loop. Clearing sm->ReAuthenticationRequest using gdb fixes
> the running hostapd instance for me. Also sm->Disconnect=true should
> be used instead of wpa_sta_disconnect to make sure that the
> incomplete ANonce does not get used.
> 
> Please find a patch attached that fixes this issue by resetting
> sm->ReAuthenticationRequest even if the sta gets disconnected and
> uses sm->Disconnect instead of wpa_sta_disconnect.

Thanks! Applied.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list