authorJouni Malinen <j@w1.fi>2008-02-06 03:55:07 (GMT)
committerJouni Malinen <j@w1.fi>2008-02-06 03:55:07 (GMT)
commit8c0dad4904474016c373573414c8e16ba51e88ad (patch)
parent02602c237d709b9eeef2f49e39436e93c24b1ce6 (diff)
Fixed EAPOL not to end up in infinite loop with dynamic WEP keys
eapol_sm_notify_lower_layer_success() was modified in 0.6.x to call eapol_sm_step(). This was fine for WPA-Enterprise case, but the IEEE 802.1X with dynamic WEP was calling eapol_sm_notify_lower_layer_success() from inside the EAPOL state machine and the extra call to eapol_sm_step() triggered an infinite loop with eapol_sm_processKey(). This is now avoided by telling eapol_sm_notify_lower_layer_success() whether the caller is already in EAPOL state machine loop.
4 files changed, 12 insertions, 6 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 9647e03..19d6363 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -670,7 +670,7 @@ static void eapol_sm_processKey(struct eapol_sm *sm)
hdr->version, hdr->type, be_to_host16(hdr->length),
key->type, rx_key_length, key->key_index);
- eapol_sm_notify_lower_layer_success(sm);
+ eapol_sm_notify_lower_layer_success(sm, 1);
sign_key_len = IEEE8021X_SIGN_KEY_LEN;
encr_key_len = IEEE8021X_ENCR_KEY_LEN;
res = eapol_sm_get_key(sm, (u8 *) &keydata, sizeof(keydata));
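Review bot: The call `eapol_sm_notify_lower_layer_success(sm, 1);` runs before `eapol_sm_get_key()`, so as far as this hunk shows, lower-layer success is reported for an EAPOL-Key frame whose signature has not yet been checked. Any verification presumably happens later in eapol_sm_processKey(), which continues outside the hunk; if so, a frame that is later rejected has already told the EAP state machine that authentication succeeded. Consider moving the call to after the key signature has been validated, or document the ordering with a comment such as `/* notified before signature verification on purpose; safe because <reason> */`. The call in wpa_sm_rx_eapol() (src/rsn_supp/wpa.c) is likewise placed ahead of the remaining frame processing visible in its hunk.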
@@ -1560,17 +1560,20 @@ void eapol_sm_request_reauth(struct eapol_sm *sm)
* eapol_sm_notify_lower_layer_success - Notification of lower layer success
* @sm: Pointer to EAPOL state machine allocated with eapol_sm_init()
+ * @in_eapol_sm: Whether the caller is already running inside EAPOL state
+ * machine loop (eapol_sm_step())
* Notify EAPOL (and EAP) state machines that a lower layer has detected a
* successful authentication. This is used to recover from dropped EAP-Success
* messages.
-void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm)
+void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm)
if (sm == NULL)
- eapol_sm_step(sm);
+ if (!in_eapol_sm)
+ eapol_sm_step(sm);
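Review bot: The loop fix now depends on every caller passing the right `in_eapol_sm` value, and the doc comment does not say what happens when it is wrong. A caller inside eapol_sm_step() that passes 0 re-enters the state machine and, per the commit description, can loop forever while handling a received EAPOL-Key frame, which makes it a hang reachable from network input. Extend the comment with `Must be non-zero when called from within eapol_sm_step(); passing 0 there re-enters the state machine and can loop indefinitely.` A re-entrancy guard kept in the state machine itself (set on entry to eapol_sm_step() and tested here) would remove the dependence on callers, and named constants instead of bare `0`/`1` would make the call sites in eapol_sm_processKey() and wpa_sm_rx_eapol() self-explanatory. The function body is only partly visible in this hunk.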
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 8918ca6..719fbd3 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -241,7 +241,7 @@ void eapol_sm_notify_portControl(struct eapol_sm *sm, PortControl portControl);
void eapol_sm_notify_ctrl_attached(struct eapol_sm *sm);
void eapol_sm_notify_ctrl_response(struct eapol_sm *sm);
void eapol_sm_request_reauth(struct eapol_sm *sm);
-void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm);
+void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm, int in_eapol_sm);
void eapol_sm_invalidate_cached_session(struct eapol_sm *sm);
#else /* IEEE8021X_EAPOL */
static inline struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
@@ -323,7 +323,8 @@ static inline void eapol_sm_notify_ctrl_response(struct eapol_sm *sm)
static inline void eapol_sm_request_reauth(struct eapol_sm *sm)
-static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm)
+static inline void eapol_sm_notify_lower_layer_success(struct eapol_sm *sm,
+ int in_eapol_sm)
static inline void eapol_sm_invalidate_cached_session(struct eapol_sm *sm)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index ea1ff1a..06b76f6 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1447,7 +1447,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
- eapol_sm_notify_lower_layer_success(sm->eapol);
+ eapol_sm_notify_lower_layer_success(sm->eapol, 0);
wpa_hexdump(MSG_MSGDUMP, "WPA: RX EAPOL-Key", tmp, len);
if (data_len < len) {
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 3355d3e..56810e4 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -21,6 +21,8 @@ ChangeLog for wpa_supplicant
can be used to iterate through the scan results one BSS at the time)
* fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
attributes in EAP-SIM Start/Response when using fast reauthentication
+ * fixed EAPOL not to end up in infinite loop when processing dynamic
+ WEP keys with IEEE 802.1X
2008-01-01 - v0.6.2
* added support for Makefile builds to include debug-log-to-a-file