PMKSA: Make sure reauth time is not greater than expiration time
While creating a cloned PMKSA entry for OKC, both the expiration and reauth_time values are set to maximum values, but later only the expiration time is copied from the old PMKSA entry to the new PMKSA entry. Because of this, reauth_time can become greater than the expiration time in some cloned entries. To avoid this, also copy reauth_time to the cloned entry. Also add a check to reject control interface commands with a reauth time greater than the expiration time. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
parent
2fdd40ae2d
commit
6f634b0032
2 changed files with 4 additions and 0 deletions
|
@ -378,6 +378,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
|
|||
{
|
||||
struct rsn_pmksa_cache_entry *new_entry;
|
||||
os_time_t old_expiration = old_entry->expiration;
|
||||
os_time_t old_reauth_time = old_entry->reauth_time;
|
||||
const u8 *pmkid = NULL;
|
||||
|
||||
if (wpa_key_mgmt_sae(old_entry->akmp) ||
|
||||
|
@ -394,6 +395,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
|
|||
|
||||
/* TODO: reorder entries based on expiration time? */
|
||||
new_entry->expiration = old_expiration;
|
||||
new_entry->reauth_time = old_reauth_time;
|
||||
new_entry->opportunistic = 1;
|
||||
|
||||
return new_entry;
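Review bot: The two added lines in pmksa_cache_clone_entry() carry no comment saying why `reauth_time` has to be restored together with `expiration`; the invariant being protected (reauth_time never later than expiration) is stated only in the commit message. A one-line comment above the assignments, e.g. `/* Copy both times from the original entry so that reauth_time cannot end up later than expiration */`, would keep a later edit from dropping one of them. The copy also trusts whatever the old entry holds, so the ordering is preserved only if the source entry already satisfied it. The existing TODO about reordering by expiration presumably applies to anything scheduled from reauth_time as well, but the code that adds the entry lies between the two hunks and is not visible here.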
|
||||
|
|
|
@ -10624,6 +10624,8 @@ static int wpas_ctrl_iface_pmksa_add(struct wpa_supplicant *wpa_s,
|
|||
if (sscanf(pos, "%d %d %d %d", &reauth_time, &expiration,
|
||||
&entry->akmp, &entry->opportunistic) != 4)
|
||||
goto fail;
|
||||
if (reauth_time > expiration)
|
||||
goto fail;
|
||||
for (i = 0; i < 4; i++) {
|
||||
pos = os_strchr(pos, ' ');
|
||||
if (!pos) {
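Review bot: The added `if (reauth_time > expiration) goto fail;` only orders the two values relative to each other. Both come from `%d` conversions of control interface input and get no lower bound, so a negative expiration paired with a smaller reauth_time still passes the new check. If values at or below zero are not meaningful for an added entry, the guard could read `if (reauth_time > expiration || expiration <= 0) goto fail;`. That is an assumption to confirm, because the code that consumes these values is outside the hunk. The rejection is also silent at this point; a `wpa_printf(MSG_DEBUG, ...)` line before the `goto fail` would let an operator see why a PMKSA add command was refused, unless the `fail` label (not visible here) already logs.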
|
||||
|
|