Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Decrement GKeyDoneStations in WPA authenticator when STA is freed

If the STA to be freed is still included in GKeyDoneStations count,
decrement the count when the STA is freed. This does not happen in
AP mode since there is enough time to go through the authenticator
state machine to clear the STA. However, in the current RSN IBSS
implementation, the authenticator state for the STA is freed in a
way that does not allow the state machine to go through the clearing.
To address this, make sure that wpa_free_sta_sm() decrements the
GKeyDoneStations count if the STA happened to be in the process of
GTK rekeying.
Jouni Malinen 14 years ago
parent
ef985058f4
commit
2ade8ef296
1 changed files with 4 additions and 0 deletions
Unified View Show Diff Stats
  1. 4 0
      src/ap/wpa_auth.c

+ 4 - 0
src/ap/wpa_auth.c
View File 

@@ -574,6 +574,10 @@ void wpa_auth_sta_no_wpa(struct wpa_state_machine *sm)
 
 
 
 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
 
 static void wpa_free_sta_sm(struct wpa_state_machine *sm)
 
 {
 
 {
 
+	if (sm->GUpdateStationKeys) {
 
+		sm->group->GKeyDoneStations--;
 
+		sm->GUpdateStationKeys = FALSE;
 
+	}
 
 #ifdef CONFIG_IEEE80211R
 
 #ifdef CONFIG_IEEE80211R
 
 	os_free(sm->assoc_resp_ftie);
 
 	os_free(sm->assoc_resp_ftie);
 
 #endif /* CONFIG_IEEE80211R */
 
 #endif /* CONFIG_IEEE80211R */