From 52987c350bd241d68259a98c94a172722b4d5f4c Mon Sep 17 00:00:00 2001 From: Chun-Yeow Yeoh Date: Fri, 29 Mar 2013 19:02:11 +0800 Subject: [PATCH] mesh: move the SAE state earlier Perhaps, due to reception of SAE frame from another peer while in SAE_NOTHING state. This seems to solve the following segmentation fault: authentication: STA=00:1b:b1:07:9a:2b auth_alg=3 auth_transaction=2 status_code=0 wep=0 hostapd_logger: STA 00:1b:b1:07:9a:2b - SAE confirm before commit hostapd_logger: STA 00:1b:b1:07:9a:2b - SAE authentication (RX confirm) SAE: peer-send-confirm 0 Program received signal SIGSEGV, Segmentation fault. 0xb7e48eb7 in EC_POINT_get_affine_coordinates_GFp () from /lib/i386-linux-gnu/libcrypto.so.1.0.0 (gdb) (gdb) bt at ../src/crypto/crypto_openssl.c:1133 element2=0x8114208, confirm=0xbfffed3c "\200\376\020\b\204\355\377\277") at ../src/common/sae.c:940 at ../src/ap/ieee802_11.c:524 at ../src/drivers/driver_nl80211.c:1334 ack=0x0, cookie=0x0, sig=0x8112754) at ../src/drivers/driver_nl80211.c:1518 at ../src/drivers/driver_nl80211.c:2438 Signed-off-by: Chun-Yeow Yeoh
---
 wpa_supplicant/mesh_rsn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 407d92b2e..2acc2e1d5 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -269,12 +269,12 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
 sta->sae->state = SAE_NOTHING; }
+ sta->sae->state = SAE_COMMITTED;
+
 buf = mesh_rsn_build_sae_commit(wpa_s, ssid, sta); if (!buf) return -1;
- sta->sae->state = SAE_COMMITTED;
-
 wpa_msg(wpa_s, MSG_DEBUG, "AUTH: started authentication with SAE peer: " MACSTR, MAC2STR(sta->addr));
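Review bot: With the assignment moved above `mesh_rsn_build_sae_commit()`, the `if (!buf) return -1;` path now leaves `sta->sae->state` at `SAE_COMMITTED` even though no commit was built or sent. A later confirm from that peer would then be handled as if a commit exchange had happened; the failure path should undo the state, e.g. `if (!buf) { sta->sae->state = SAE_NOTHING; return -1; }`. The log in the description shows "SAE confirm before commit" followed by RX confirm processing and the crash in `EC_POINT_get_affine_coordinates_GFp`, so the receive path (`src/ap/ieee802_11.c` and `src/common/sae.c` per the backtrace, outside this hunk) presumably still processes a confirm for which no peer commit element exists. Since that frame comes from an unauthenticated peer, the confirm handler should reject it there rather than rely on state ordering in the sender path. The body of `mesh_rsn_auth_sae_sta()` begins and ends outside the hunk, so how `buf` and the state are used afterwards is not visible here.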