hostapd: fix sta psk index for dynamic psk auth

Depending on the config / circumstances, the get_psk call can be called
multiple times from different places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs

Fixes: b2a2c28617 ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau 2025-02-12 11:54:59 +01:00
parent 4779b731d4
commit 8118b2dace
2 changed files with 12 additions and 5 deletions


@ -816,7 +816,7 @@ as adding/removing interfaces.
if (vlan_id) if (vlan_id)
*vlan_id = 0; *vlan_id = 0;
if (psk_len) if (psk_len)
@@ -449,13 +450,16 @@ static const u8 * hostapd_wpa_auth_get_p @@ -449,13 +450,18 @@ static const u8 * hostapd_wpa_auth_get_p
* returned psk which should not be returned again. * returned psk which should not be returned again.
* logic list (all hostapd_get_psk; all sta->psk) * logic list (all hostapd_get_psk; all sta->psk)
*/ */
@ -830,16 +830,23 @@ as adding/removing interfaces.
*vlan_id = 0; *vlan_id = 0;
psk = sta->psk->psk; psk = sta->psk->psk;
- for (pos = sta->psk; pos; pos = pos->next) { - for (pos = sta->psk; pos; pos = pos->next) {
+ if (vlan_id)
+ sta->psk_idx = psk_idx;
+ for (pos = sta->psk; pos; pos = pos->next, psk_idx++) { + for (pos = sta->psk; pos; pos = pos->next, psk_idx++) {
if (pos->is_passphrase) { if (pos->is_passphrase) {
if (pbkdf2_sha1(pos->passphrase, if (pbkdf2_sha1(pos->passphrase,
hapd->conf->ssid.ssid, hapd->conf->ssid.ssid,
@@ -472,6 +476,8 @@ static const u8 * hostapd_wpa_auth_get_p @@ -469,9 +475,13 @@ static const u8 * hostapd_wpa_auth_get_p
}
if (pos->psk == prev_psk) {
psk = pos->next ? pos->next->psk : NULL;
+ if (vlan_id)
+ sta->psk_idx = psk_idx + 1;
break; break;
} }
} }
+ if (psk) + if (vlan_id && !psk)
+ sta->psk_idx = psk_idx; + sta->psk_idx = 0;
} }
return psk; return psk;
} }
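Review bot: The three added `if (vlan_id)` guards treat a non-NULL `vlan_id` as the signal that this is the one call allowed to write `sta->psk_idx`, and nothing in the code records that contract; a later caller that passes `vlan_id` for its own reasons would silently overwrite the index again. A comment above the first guard would make it explicit, e.g. `/* only the caller that requests vlan_id selects the PSK for this STA, so only it may update sta->psk_idx */`. The final `sta->psk_idx = 0` on exhaustion also needs a word: the hunk does not show whether 0 is reserved for "no PSK matched" or is a valid index for the first key, and if consumers of the index (presumably the ubus helper named in the Fixes: line) attribute a station to a key by it, those two cases must stay distinguishable. The function body and the initial value of `psk_idx` lie outside the visible lines.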


@ -29,7 +29,7 @@ a VLAN interface on top of the bridge, instead of using the bridge directly
int bridge_hairpin; /* hairpin_mode on bridge members */ int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/wpa_auth_glue.c --- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c
@@ -1825,8 +1825,12 @@ int hostapd_setup_wpa(struct hostapd_dat @@ -1829,8 +1829,12 @@ int hostapd_setup_wpa(struct hostapd_dat
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) { wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
const char *ft_iface; const char *ft_iface;