aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-03-12 09:18:57 (GMT)
committerJouni Malinen <j@w1.fi>2008-03-12 09:18:57 (GMT)
commit58a98fb027351ee6b6d6eab557500ac644f3cdf0 (patch)
tree537bab536f70e8e722b4a5e37408ec8b1316d209 /src/rsn_supp
parent748e54937d766a92cc1205b6a56315cf983334fb (diff)
downloadhostap-06-58a98fb027351ee6b6d6eab557500ac644f3cdf0.zip
hostap-06-58a98fb027351ee6b6d6eab557500ac644f3cdf0.tar.gz
hostap-06-58a98fb027351ee6b6d6eab557500ac644f3cdf0.tar.bz2
Delete PTK SA on (re)association if this is not part of a Fast BSS
Transition. This fixes a potential issue where an incorrectly behaving AP could send a group key update using the old (now invalid after reassociate) PTK. This could also happen if there is a race condition between reporting received EAPOL frames and association events.
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/wpa.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3a0fa12..1dada92 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1859,6 +1859,8 @@ void wpa_sm_deinit(struct wpa_sm *sm)
*/
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
{
+ int clear_ptk = 1;
+
if (sm == NULL)
return;
@@ -1871,15 +1873,25 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
rsn_preauth_deinit(sm);
#ifdef CONFIG_IEEE80211R
- if ((sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
- sm->key_mgmt == WPA_KEY_MGMT_FT_PSK) &&
- wpa_ft_is_completed(sm)) {
+ if (wpa_ft_is_completed(sm)) {
wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(sm);
+
+ clear_ptk = 0;
}
#endif /* CONFIG_IEEE80211R */
+
+ if (clear_ptk) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+ */
+ wpa_printf(MSG_DEBUG, "WPA: Clear old PTK");
+ sm->ptk_set = 0;
+ sm->tptk_set = 0;
+ }
}