authorJouni Malinen <j@w1.fi>2012-11-18 11:06:03 (GMT)
committerJouni Malinen <j@w1.fi>2012-11-18 11:06:03 (GMT)
commitc772d054c2c8a4f39ccd730fca4cacd9f52097c2 (patch)
treefc556dc279302409ae34207fae995fbe8fd6adcc /src/ap/wpa_auth_glue.c
parent6366a17ce3a1e5022e8cec21b8131250f0a54bff (diff)
hostapd: Fix a regression in TKIP countermeasures processing
Commit 296a34f0c1730416bf2a61ab78690be43d82a3c0 changed hostapd to remove the internal STA entry at the beginning of TKIP countermeasures. However, this did not take into account the case where this is triggered by an EAPOL-Key error report from a station. In such a case, the WPA authenticator state machine may continue processing after having processed the error report. This could result in use of freed memory. Fix this by stopping WPA processing if the STA entry got removed. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/ap/wpa_auth_glue.c')
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index bdc89e4..68fe596 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -112,10 +112,10 @@ static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
-static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
+static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
struct hostapd_data *hapd = ctx;
- michael_mic_failure(hapd, addr, 0);
+ return michael_mic_failure(hapd, addr, 0);
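Review bot: The new `int` return of `hostapd_wpa_auth_mic_failure_report` carries the use-after-free guard described in the commit message, but nothing at the function states what the value means or what the caller must do with it. A comment above the signature would keep that contract next to the code, for example `/* Returns the result of michael_mic_failure(); if it reports that the STA entry was removed, the caller must stop WPA processing and must not touch the STA or its state machine again. */`. The exact return values are defined in `michael_mic_failure`, which is outside this hunk, so the wording should be confirmed against it. This view is limited to one file, so the callback's function-pointer type and the authenticator code that checks the result are presumably changed elsewhere in the commit. Both are worth verifying, because an ignored return value would leave the freed-memory path open.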