diff options
| author | Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | 2017-09-29 04:22:51 +0200 |
|---|---|---|
| committer | Ivan Kutepov <its.kutepov@gmail.com> | 2017-10-19 21:53:11 +0300 |
| commit | a2e9d51c26fc147881bc88a4324ea95b56c5fedd (patch) | |
| tree | 7aa324f16e0543a2ad839ef517424720f7fc52f9 /src/common | |
| parent | 64eb214c2812b920cd9df1876fa6126e30ee284f (diff) | |
| download | android_external_wpa_supplicant_8-a2e9d51c26fc147881bc88a4324ea95b56c5fedd.tar.gz android_external_wpa_supplicant_8-a2e9d51c26fc147881bc88a4324ea95b56c5fedd.tar.bz2 android_external_wpa_supplicant_8-a2e9d51c26fc147881bc88a4324ea95b56c5fedd.zip | |
Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Change-Id: I6b5f6f2a1c0495575eb5a1576462768ddc89f09c
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/wpa_common.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 504ec2da..d42ac926 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -213,6 +213,7 @@ struct wpa_ptk { size_t kck_len; size_t kek_len; size_t tk_len; + int installed; /* 1 if key has already been installed to driver */ }; struct wpa_gtk { |