* [PATCH v3 1/4] station: check return of handshake_state_set_pmksa
@ 2026-03-09 16:57 James Prestwood
From: James Prestwood @ 2026-03-09 16:57 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
If this fails num_pmkids and pmkids would get set, but to an
uninitialized buffer. This would then fail to build the handshake
object later when copying the PMKID.
---
src/station.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/station.c b/src/station.c
index 50997f5f..fdd4cda5 100644
--- a/src/station.c
+++ b/src/station.c
@@ -1378,9 +1378,10 @@ build_ie:
bss->ssid, bss->ssid_len,
info.akm_suites);
if (pmksa) {
- handshake_state_set_pmksa(hs, pmksa);
- info.num_pmkids = 1;
- info.pmkids = hs->pmksa->pmkid;
+ if (!L_WARN_ON(!handshake_state_set_pmksa(hs, pmksa))) {
+ info.num_pmkids = 1;
+ info.pmkids = hs->pmksa->pmkid;
+ }
}
}
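Review bot: When `handshake_state_set_pmksa()` returns false, the new guard only skips the two `info` assignments; `pmksa` itself is left neither attached to `hs` nor released. The hunk does not show who owns the entry returned by the lookup above, but if that lookup hands ownership to the caller, this branch leaks it and the cached PMKSA is lost for the next attempt, so an `else` branch should either free it or put it back in the cache. The side-effecting call nested inside `L_WARN_ON(!…)` under a second negation is also hard to read; taking the result into a local first, `bool ok = handshake_state_set_pmksa(hs, pmksa);` followed by `if (!L_WARN_ON(!ok)) {`, keeps the behaviour and makes the state change visible. The enclosing function starts and ends outside the hunk.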
--
2.34.1
* [PATCH v3 2/4] auto-t: refactor testSAE-roam into connect/roam functions
@ 2026-03-09 16:57 ` James Prestwood
From: James Prestwood @ 2026-03-09 16:57 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
This makes adding roaming tests easier if they don't strictly conform
to the existing test structure. By adding connect/roam helpers future
tests will have a bit more control over what's being tested.
---
autotests/testSAE-roam/connection_test.py | 62 +++++++++--------------
1 file changed, 25 insertions(+), 37 deletions(-)
diff --git a/autotests/testSAE-roam/connection_test.py b/autotests/testSAE-roam/connection_test.py
index 718bfd77..c813f00f 100644
--- a/autotests/testSAE-roam/connection_test.py
+++ b/autotests/testSAE-roam/connection_test.py
@@ -13,73 +13,61 @@ import testutil
from config import ctx
class Test(unittest.TestCase):
- def validate_connection(self, wd, ft=True, check_used_pmksa=False):
- device = wd.list_devices(1)[0]
-
+ def connect(self, wd, device, hapd):
# This won't guarantee all BSS's are found, but at least ensures that
# at least one will be.
device.get_ordered_network('TestFT', full_scan=True)
- self.assertFalse(self.bss_hostapd[0].list_sta())
- self.assertFalse(self.bss_hostapd[1].list_sta())
+ self.assertFalse(hapd.list_sta())
- device.connect_bssid(self.bss_hostapd[0].bssid)
+ device.connect_bssid(hapd.bssid)
condition = 'obj.state == DeviceState.connected'
wd.wait_for_object_condition(device, condition)
- self.bss_hostapd[0].wait_for_event('AP-STA-CONNECTED %s' % device.address)
+ hapd.wait_for_event('AP-STA-CONNECTED %s' % device.address)
self.assertFalse(self.bss_hostapd[1].list_sta())
testutil.test_iface_operstate(device.name)
- testutil.test_ifaces_connected(self.bss_hostapd[0].ifname, device.name)
- self.assertRaises(Exception, testutil.test_ifaces_connected,
- (self.bss_hostapd[1].ifname, device.name, True, True))
+ testutil.test_ifaces_connected(hapd.ifname, device.name)
- # If PMKSA was used, hostapd should not include the sae_group key in
- # its status for the station.
- sta_status = self.bss_hostapd[0].sta_status(device.address)
- if check_used_pmksa:
- self.assertNotIn("sae_group", sta_status.keys())
- else:
- self.assertIn("sae_group", sta_status.keys())
+ def roam(self, wd, device, hapd_from, hapd_to):
+ device.roam(hapd_to.bssid)
- device.roam(self.bss_hostapd[1].bssid)
-
- # Check that iwd is on BSS 1 once out of roaming state and doesn't
+ # Check that iwd is on hapd_to once out of roaming state and doesn't
# go through 'disconnected', 'autoconnect', 'connecting' in between
from_condition = 'obj.state == DeviceState.roaming'
to_condition = 'obj.state == DeviceState.connected'
wd.wait_for_object_change(device, from_condition, to_condition)
- self.bss_hostapd[1].wait_for_event('AP-STA-CONNECTED %s' % device.address)
+ hapd_to.wait_for_event('AP-STA-CONNECTED %s' % device.address)
testutil.test_iface_operstate(device.name)
- testutil.test_ifaces_connected(self.bss_hostapd[1].ifname, device.name)
+ testutil.test_ifaces_connected(hapd_to.ifname, device.name)
self.assertRaises(Exception, testutil.test_ifaces_connected,
- (self.bss_hostapd[0].ifname, device.name, True, True))
+ (hapd_from.ifname, device.name, True, True))
- if not ft:
- return
- device.roam(self.bss_hostapd[2].bssid)
+ def validate_connection(self, wd, ft=True, check_used_pmksa=False):
+ device = wd.list_devices(1)[0]
- condition = 'obj.state == DeviceState.roaming'
- wd.wait_for_object_condition(device, condition)
+ self.connect(wd, device, self.bss_hostapd[0])
- condition = 'obj.state != DeviceState.roaming'
- wd.wait_for_object_condition(device, condition)
+ # If PMKSA was used, hostapd should not include the sae_group key in
+ # its status for the station.
+ sta_status = self.bss_hostapd[0].sta_status(device.address)
+ if check_used_pmksa:
+ self.assertNotIn("sae_group", sta_status.keys())
+ else:
+ self.assertIn("sae_group", sta_status.keys())
- condition = 'obj.state == DeviceState.connected'
- wd.wait_for_object_condition(device, condition)
+ self.roam(wd, device, self.bss_hostapd[0], self.bss_hostapd[1])
- self.bss_hostapd[2].wait_for_event('AP-STA-CONNECTED %s' % device.address)
+ if not ft:
+ return
- testutil.test_iface_operstate(device.name)
- testutil.test_ifaces_connected(self.bss_hostapd[2].ifname, device.name)
- self.assertRaises(Exception, testutil.test_ifaces_connected,
- (self.bss_hostapd[1].ifname, device.name, True, True))
+ self.roam(wd, device, self.bss_hostapd[1], self.bss_hostapd[2])
def test_ft_roam_success(self):
wd = IWD(True)
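Review bot: In `roam()` the negative check `self.assertRaises(Exception, testutil.test_ifaces_connected, (hapd_from.ifname, device.name, True, True))` passes the four values as one tuple, so `test_ifaces_connected` receives a single tuple argument instead of two interface names and two flags. Any exception that results satisfies `assertRaises(Exception, …)`, so the assertion likely passes whether or not traffic still flows through the old AP; unpacking the arguments, `self.assertRaises(Exception, testutil.test_ifaces_connected, hapd_from.ifname, device.name, True, True)`, would make it test what it claims. Separately, `connect()` takes `hapd` but still asserts that `self.bss_hostapd[1].list_sta()` is empty after connecting, which would fail if a caller passes `self.bss_hostapd[1]`, and it no longer checks the other APs before connecting. Short docstrings on `connect` and `roam` stating the preconditions (station not yet associated; `hapd_from` is the current BSS) would help future tests use them correctly.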
--
2.34.1
* [PATCH v3 3/4] auto-t: Add test to roam back to BSS with existing PMKSA
@ 2026-03-09 16:57 ` James Prestwood
From: James Prestwood @ 2026-03-09 16:57 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
This test exposes a bug where, if a PMKSA already exists for a BSS
that we are roaming to, IWD crashes due to a missing check in
station.c
---
autotests/testSAE-roam/connection_test.py | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/autotests/testSAE-roam/connection_test.py b/autotests/testSAE-roam/connection_test.py
index c813f00f..243178a4 100644
--- a/autotests/testSAE-roam/connection_test.py
+++ b/autotests/testSAE-roam/connection_test.py
@@ -109,6 +109,26 @@ class Test(unittest.TestCase):
self.validate_connection(wd, True, check_used_pmksa=True)
+ def test_ft_roam_with_pmksa(self):
+ wd = IWD(True)
+
+ self.bss_hostapd[0].set_value('wpa_key_mgmt', 'FT-SAE SAE')
+ self.bss_hostapd[0].reload()
+ self.bss_hostapd[0].wait_for_event("AP-ENABLED")
+ self.bss_hostapd[1].set_value('wpa_key_mgmt', 'FT-SAE SAE')
+ self.bss_hostapd[1].reload()
+ self.bss_hostapd[1].wait_for_event("AP-ENABLED")
+ self.bss_hostapd[2].set_value('wpa_key_mgmt', 'FT-PSK')
+ self.bss_hostapd[2].reload()
+ self.bss_hostapd[2].wait_for_event("AP-ENABLED")
+
+ device = wd.list_devices(1)[0]
+
+ self.connect(wd, device, self.bss_hostapd[0])
+
+ self.roam(wd, device, self.bss_hostapd[0], self.bss_hostapd[1])
+ self.roam(wd, device, self.bss_hostapd[1], self.bss_hostapd[0])
+
def test_reassociate_roam_success(self):
wd = IWD(True)
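Review bot: `test_ft_roam_with_pmksa` has no assertion of its own about the PMKSA: it passes as long as `connect()` and both `roam()` calls succeed, so it would not notice if the roam back to `self.bss_hostapd[0]` never offered the cached entry. If hostapd reports this the same way as in `validate_connection` (no `sae_group` key in `sta_status` when a PMKSA was used), a check after the final roam would pin the path under test; whether that holds for an FT roam is not visible here. A leading comment such as `# Regression: roaming back to a BSS with a cached PMKSA crashed iwd (missing check in station.c)` would record why the test exists. The three `set_value`/`reload`/`wait_for_event` triples could be a loop over `(index, key_mgmt)` pairs.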
--
2.34.1
* [PATCH v3 4/4] handshake: clear expiration of pmksa in _steal_pmksa()
@ 2026-03-09 16:57 ` James Prestwood
From: James Prestwood @ 2026-03-09 16:57 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
When pulling the pmksa out of the handshake object (to cache) we
also need to clear the expiration within the handshake itself. This
will prevent future attempts of setting the PMKSA into the handshake
due to the logic in handshake_state_set_pmksa():
/* checks for both expiration || pmksa being set */
if (s->expiration)
return false;
---
src/handshake.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/handshake.c b/src/handshake.c
index ef1a8220..41192fdd 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -1267,6 +1267,7 @@ static struct pmksa *handshake_state_steal_pmksa(struct handshake_state *s)
pmksa = l_new(struct pmksa, 1);
pmksa->expiration = s->expiration;
+ s->expiration = 0;
memcpy(pmksa->spa, s->spa, sizeof(s->spa));
memcpy(pmksa->aa, s->aa, sizeof(s->aa));
memcpy(pmksa->ssid, s->ssid, s->ssid_len);
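Review bot: The new `s->expiration = 0;` carries no comment, and its purpose is only apparent from the commit message: `expiration` doubles as the "PMKSA already set" flag that `handshake_state_set_pmksa()` tests. A comment on that line, e.g. `/* PMKSA now belongs to the caller; reset so handshake_state_set_pmksa() can attach one again */`, would keep that coupling visible to the next reader. The rest of the function is outside the hunk, so it cannot be seen whether other PMKSA-derived fields in `s` are reset here as well; it is worth confirming they stay consistent with the cleared expiration.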
--
2.34.1
* Re: [PATCH v3 1/4] station: check return of handshake_state_set_pmksa
@ 2026-03-10 14:33 ` Denis Kenzior
From: Denis Kenzior @ 2026-03-10 14:33 UTC (permalink / raw)
To: James Prestwood, iwd
Hi James,
On 3/9/26 11:57 AM, James Prestwood wrote:
> If this fails num_pmkids and pmkids would get set, but to an
> uninitialized buffer. This would then fail to build the handshake
> object later when copying the PMKID.
> ---
> src/station.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
All applied, thanks.
Regards,
-Denis