Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Do not try session resumption after EAP failure

If session resumption fails for any reason, do not try it again because
that is just likely to fail. Instead, drop back to using full
authentication which may work. This is a workaround for servers that do
not like session resumption, but do not know how to fall back to full
authentication properly.
Jouni Malinen 16 years ago
parent
c511c8c6e0
commit
f2d8fc3d96
2 changed files with 7 additions and 1 deletions
Split View Show Diff Stats
  1. 5 1
      src/eap_peer/eap.c
  2. 2 0
      src/eap_peer/eap_i.h

+ 5 - 1
src/eap_peer/eap.c
View File 

@@ -134,7 +134,8 @@ SM_STATE(EAP, INITIALIZE)
 
 {
 
 	SM_ENTRY(EAP, INITIALIZE);
 
 	if (sm->fast_reauth && sm->m && sm->m->has_reauth_data &&
 
-	    sm->m->has_reauth_data(sm, sm->eap_method_priv)) {
 
+	    sm->m->has_reauth_data(sm, sm->eap_method_priv) &&
 
+	    !sm->prev_failure) {
 
 		wpa_printf(MSG_DEBUG, "EAP: maintaining EAP method data for "
 
 			   "fast reauthentication");
 
 		sm->m->deinit_for_reauth(sm, sm->eap_method_priv);
 
@@ -165,6 +166,7 @@ SM_STATE(EAP, INITIALIZE)
 
 	eapol_set_bool(sm, EAPOL_eapResp, FALSE);
 
 	eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
 
 	sm->num_rounds = 0;
 
+	sm->prev_failure = 0;
 
 }
 
 
 
@@ -505,6 +507,8 @@ SM_STATE(EAP, FAILURE)
 
 
 	wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
 
 		"EAP authentication failed");
 
+
 
+	sm->prev_failure = 1;
 
 }

+ 2 - 0
src/eap_peer/eap_i.h
View File 

@@ -333,6 +333,8 @@ struct eap_sm {
 
 	int force_disabled;
 
 
 	struct wps_context *wps;
 
+
 
+	int prev_failure;
 
 };
 
 
 const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len);