Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Clear RSN timers for preauth and PTK rekeying on disassociation

Previously, it was possible for the wpa_sm_start_preauth() and
wpa_sm_rekey_ptk() eloop callbacks to remain active after disconnection
and potentially continue to be used for the next association. This is
not correct behavior, so explicitly cancel these timeouts to avoid
unexpected attempts to complete RSN preauthentication or to request PTK
to be rekeyed.

It was possible to trigger this issue, e.g., by running the following
hwsim test case sequence: ap_wpa2_ptk_rekey ap_ft_sae_over_ds

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
9cc223c2f5
commit
ac8e074ec1
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      src/rsn_supp/wpa.c

+ 2 - 0
src/rsn_supp/wpa.c
View File 

@@ -2282,6 +2282,8 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
 
  */
 
 void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 
 {
 
+	eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
 
+	eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
 
 	peerkey_deinit(sm);
 
 	rsn_preauth_deinit(sm);
 
 	pmksa_cache_clear_current(sm);