hurricos/openwrt-mirror
1
0
Fork 0
mirror of git://git.openwrt.org/openwrt/openwrt.git synced 2025-12-14 00:22:09 -05:00
Code Issues Projects Releases Wiki Activity

hostapd: fix sta psk index for dynamic psk auth

Browse Source 
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs

Fixes: b2a2c28617 ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8118b2dace)
This commit is contained in:
Felix Fietkau 2025-02-12 11:54:59 +01:00
parent 7955545469
commit cb4d2b3fb2
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
package/network/services/hostapd/patches/601-ucode_support.patch
View File

@ -816,7 +816,7 @@ as adding/removing interfaces.
if (vlan_id) if (vlan_id)
*vlan_id = 0; *vlan_id = 0;
if (psk_len) if (psk_len)
@@ -446,13 +447,16 @@ static const u8 * hostapd_wpa_auth_get_p @@ -446,13 +447,18 @@ static const u8 * hostapd_wpa_auth_get_p
* returned psk which should not be returned again. * returned psk which should not be returned again.
* logic list (all hostapd_get_psk; all sta->psk) * logic list (all hostapd_get_psk; all sta->psk)
*/ */
@ -830,16 +830,23 @@ as adding/removing interfaces.
*vlan_id = 0; *vlan_id = 0;
psk = sta->psk->psk; psk = sta->psk->psk;
- for (pos = sta->psk; pos; pos = pos->next) { - for (pos = sta->psk; pos; pos = pos->next) {
+ if (vlan_id)
+ sta->psk_idx = psk_idx;
+ for (pos = sta->psk; pos; pos = pos->next, psk_idx++) { + for (pos = sta->psk; pos; pos = pos->next, psk_idx++) {
if (pos->is_passphrase) { if (pos->is_passphrase) {
if (pbkdf2_sha1(pos->passphrase, if (pbkdf2_sha1(pos->passphrase,
hapd->conf->ssid.ssid, hapd->conf->ssid.ssid,
@@ -469,6 +473,8 @@ static const u8 * hostapd_wpa_auth_get_p @@ -466,9 +472,13 @@ static const u8 * hostapd_wpa_auth_get_p
}
if (pos->psk == prev_psk) {
psk = pos->next ? pos->next->psk : NULL;
+ if (vlan_id)
+ sta->psk_idx = psk_idx + 1;
break; break;
} }
} }
+ if (psk) + if (vlan_id && !psk)
+ sta->psk_idx = psk_idx; + sta->psk_idx = 0;
} }
return psk; return psk;
} }

2
package/network/services/hostapd/patches/730-ft_iface.patch
View File

@ -29,7 +29,7 @@ a VLAN interface on top of the bridge, instead of using the bridge directly
int bridge_hairpin; /* hairpin_mode on bridge members */ int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/wpa_auth_glue.c --- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c
@@ -1821,8 +1821,12 @@ int hostapd_setup_wpa(struct hostapd_dat @@ -1825,8 +1825,12 @@ int hostapd_setup_wpa(struct hostapd_dat
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) { wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
const char *ft_iface; const char *ft_iface;

2
package/network/services/hostapd/patches/803-hostapd-fix-80211be-build.patch
View File

@ -25,7 +25,7 @@
+ +
--- a/src/ap/sta_info.h --- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h +++ b/src/ap/sta_info.h
@@ -409,23 +409,8 @@ int ap_sta_re_add(struct hostapd_data *h @@ -408,23 +408,8 @@ int ap_sta_re_add(struct hostapd_data *h
void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta); void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta);