Patchwork wpa_auth: Fix race in rejecting 4way handshake for entropy

Submitter Nicolas Cavallari
Date Jan. 25, 2012, 5:21 p.m.
Message ID <1327512113-9827-1-git-send-email-cavallar@lri.fr>
Permalink /patch/137799/
State Accepted
Commit 40d00d2bfe86ceacf918018c9e322860c746465e

Comments

Nicolas Cavallari - Jan. 25, 2012, 5:21 p.m.
When there is not enough entropy and there are two stations associating
at the same time, then one of the stations will be rejected, but during
that rejection, it will clear the "reject_4way_hs_for_entropy" flag, so
the second one will not be rejected, so it may complete a 4 Way
Handshake with a GTK that will be cleared as soon as more entropy is
available and another station connects.

This reworks the logic to ban all 4way handshakes until enough entropy
is available.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
---
 src/ap/wpa_auth.c |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)
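As an added illustration, not part of the patch or of hostap, the following C model reduces the two flag-handling variants to the two calls each station makes (AUTHENTICATION2 entry, then the msg 2/4 reject check) and runs the two-station scenario from the commit message through both. It assumes a stand-in `struct group` holding only the two flags, a scenario-controlled `pool_ready` in place of `random_pool_ready()`, and a `patched` parameter selecting pre- or post-patch behaviour.

```c
#include <stdbool.h>
/* Hypothetical stand-in for the two struct wpa_group flags the patch touches;
 * pool_ready stands in for random_pool_ready() and is set by the scenario. */
struct group { bool first_sta_seen, reject_4way_hs_for_entropy; };
static bool pool_ready;

/* AUTHENTICATION2 entry.  Pre-patch the caller sets first_sta_seen unconditionally;
 * post-patch wpa_group_ensure_init() sets it only once the pool is ready. */
static void auth2(struct group *g, bool patched)
{
	if (g->first_sta_seen)
		return;
	g->reject_4way_hs_for_entropy = !pool_ready;
	g->first_sta_seen = patched ? pool_ready : true;
}

/* Reject check on msg 2/4: pre-patch the reject path clears both flags
 * (the race); post-patch they are left alone.  True = handshake proceeds. */
static bool msg2(struct group *g, bool patched)
{
	if (!g->reject_4way_hs_for_entropy)
		return true;
	if (!patched)
		g->reject_4way_hs_for_entropy = g->first_sta_seen = false;
	return false;
}

/* STA1 and STA2 both reach AUTHENTICATION2 before the pool is ready, then send
 * msg 2/4 in turn.  True if STA2 completes a handshake with the weak GTK. */
static bool sta2_completes(bool patched)
{
	struct group g = { false, false };
	pool_ready = false;
	auth2(&g, patched);			/* STA1 */
	auth2(&g, patched);			/* STA2 */
	bool sta1_ok = msg2(&g, patched);	/* STA1 msg 2/4: rejected either way */
	return !sta1_ok && msg2(&g, patched);	/* STA2 msg 2/4 */
}

/* A rejected station reconnects after the pool became ready; both variants recover. */
static bool recovers_when_ready(bool patched)
{
	struct group g = { false, false };
	pool_ready = false;
	auth2(&g, patched);
	msg2(&g, patched);			/* rejected */
	pool_ready = true;
	auth2(&g, patched);			/* reconnect */
	return msg2(&g, patched) && g.first_sta_seen;
}
```

`sta2_completes(false)` returns true (the pre-patch race: STA2 finishes while the pool is still not ready) while `sta2_completes(true)` returns false; `recovers_when_ready()` returns true for both variants, showing the patched flag is cleared again once the pool is ready.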
Jouni Malinen - Jan. 29, 2012, 4:14 p.m.
On Wed, Jan 25, 2012 at 06:21:53PM +0100, Nicolas Cavallari wrote:
> When there is not enough entropy and there are two stations associating
> at the same time, then one of the stations will be rejected, but during
> that rejection, it will clear the "reject_4way_hs_for_entropy" flag, so
> the second one will not be rejected, so it may complete a 4 Way
> Handshake with a GTK that will be cleared as soon as more entropy is
> available and another station connects.
> 
> This reworks the logic to ban all 4way handshakes until enough entropy
> is available.

Thanks! Applied.

Patch

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c4d77bf..34e3664 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -966,9 +966,7 @@  continue_processing:
 			wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to "
 				   "collect more entropy for random number "
 				   "generation");
-			sm->group->reject_4way_hs_for_entropy = FALSE;
 			random_mark_pool_ready();
-			sm->group->first_sta_seen = FALSE;
 			wpa_sta_disconnect(wpa_auth, sm->addr);
 			return;
 		}
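Review bot: Removing `sm->group->reject_4way_hs_for_entropy = FALSE;` and `sm->group->first_sta_seen = FALSE;` from the reject path is the core of the fix: the flag now survives the disconnect, so a second station that already passed AUTHENTICATION2 is rejected too instead of finishing a handshake with a GTK that is about to be discarded. A one-line comment here saying the flag is intentionally left set and is only cleared by wpa_group_ensure_init() once the pool is ready would stop someone from reintroducing the clearing later; keeping `random_mark_pool_ready()` on every rejection is fine.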
@@ -1614,9 +1612,11 @@  SM_STATE(WPA_PTK, AUTHENTICATION)
 }
 
 
-static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
-				    struct wpa_group *group)
+static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
+				  struct wpa_group *group)
 {
+	if (group->first_sta_seen)
+		return;
 	/*
 	 * System has run bit further than at the time hostapd was started
 	 * potentially very early during boot up. This provides better chances
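Review bot: The new `if (group->first_sta_seen) return;` is placed above the existing block comment, so that comment no longer introduces the first statement of the function; either move the check below the comment or give it a short comment of its own saying the function is now re-entered on every association until an initialisation with enough entropy has succeeded. The rename to wpa_group_ensure_init matches that idempotent behaviour.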
@@ -1630,7 +1630,11 @@  static void wpa_group_first_station(struct wpa_authenticator *wpa_auth,
 		wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool "
 			   "to proceed - reject first 4-way handshake");
 		group->reject_4way_hs_for_entropy = TRUE;
+	} else {
+		group->first_sta_seen = TRUE;
+		group->reject_4way_hs_for_entropy = FALSE;
 	}
+
 	wpa_group_init_gmk_and_counter(wpa_auth, group);
 	wpa_gtk_update(wpa_auth, group);
 	wpa_group_config_group_keys(wpa_auth, group);
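Review bot: The added `else` branch makes `first_sta_seen` depend on the entropy check passing, so while the pool is not ready every association re-runs wpa_group_init_gmk_and_counter(), wpa_gtk_update() and wpa_group_config_group_keys() and re-keys the group. That is what lets the retry derive GMK/GTK from good entropy, but it deserves a comment, and it is worth confirming that repeated group re-keying while every station is still being rejected cannot leave a station holding a stale GTK. The `group->reject_4way_hs_for_entropy = FALSE;` in the `else` is now the only place the flag is reset, which is consistent with the first hunk.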
@@ -1641,10 +1645,7 @@  SM_STATE(WPA_PTK, AUTHENTICATION2)
 {
 	SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk);
 
-	if (!sm->group->first_sta_seen) {
-		wpa_group_first_station(sm->wpa_auth, sm->group);
-		sm->group->first_sta_seen = TRUE;
-	}
+	wpa_group_ensure_init(sm->wpa_auth, sm->group);
 
 	os_memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN);
 	wpa_hexdump(MSG_DEBUG, "WPA: Assign ANonce", sm->ANonce,
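Review bot: Replacing the `if (!sm->group->first_sta_seen)` block with an unconditional wpa_group_ensure_init() call moves the `first_sta_seen = TRUE` assignment out of the caller, which is required for the entropy check to be repeated; confirm with a grep that no other reader or writer of `first_sta_seen` still expects it to be set after the first AUTHENTICATION2 regardless of entropy, since this diff shows only this call site.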