From f5e0a3324bf3fbf3bfab36fab09ab0adf87ede59 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 2 Mar 2018 12:13:16 +0200
Subject: [PATCH] SAE: Fix potential infinite loop in mismatching PMK case on AP
Commit e61fea6b467bec0702096c795b06195584d32a6c ('SAE: Fix PMKSA caching behavior in AP mode') modified the PSK fetching loop to not override PMK in case of SAE with PMKSA caching. However, that commit missed the error path cases where there is need to break from the loop with exact negative of the check in the beginning of the loop. This could result in hitting an infinite loop in hostapd if a station derived a different PMK value from otherwise successfully completed SAE authentication or if a STA used a different PMK with a PMKSA caching attempt after a previously completed successful authentication. Fix this by adding the matching break condition on SAE AKM within the loops.
Fixes: e61fea6b467b ("SAE: Fix PMKSA caching behavior in AP mode")
Signed-off-by: Jouni Malinen
---
 src/ap/wpa_auth.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index ccb21fe4c..9b287af9e 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -881,7 +881,8 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
 break;
 }
- if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
+ if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
+ wpa_key_mgmt_sae(sm->wpa_key_mgmt))
 break;
 }
@@ -2680,7 +2681,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 }
 #endif /* CONFIG_FILS */
- if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt))
+ if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) ||
+ wpa_key_mgmt_sae(sm->wpa_key_mgmt))
 break;
 }
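Review bot: The break test added at the tail of the loop in wpa_try_alt_snonce() is a hand-written negation of the check at the head of that loop, and the same pair is repeated in SM_STATE(WPA_PTK, PTKCALCNEGOTIATING); both loop heads lie outside these hunks, so nothing here keeps the two copies in step. The commit message attributes the hang to exactly that drift, and describes it as something a station can provoke, so a future edit to only one side would reintroduce a station-triggerable stall of hostapd. Evaluating the condition once before each loop, e.g. `const int try_more_psk = wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && !wpa_key_mgmt_sae(sm->wpa_key_mgmt);`, and ending the iteration with `if (!try_more_psk) break;` would make the head and tail impossible to mismatch. If the duplicated test stays, a comment on the break such as `/* Only non-SAE PSK has further candidate PSKs to try; every other AKM gets a single attempt */` would record the invariant for the next change.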