[PATCH] mka: Some bug fixes

Badrish Adiga H R badrish.adigahr at gmail.com
Mon Dec 5 07:26:23 PST 2016


From: Badrish Adiga H R <badrish.adigahr at gmail.com>

1. API ieee802_1x_mka_decode_dist_sak_body wrongly puts
participant->to_use_sak to TRUE, if invalid DIstributed SAK Parameter
Set is received
2. when number of live peers become 0, the flags such lrx, ltx, orx,
otx etc. needs to be cleared. In MACsec PSK mode, these stale values
create problems, while re-establishing CA...

Signed-off-by: Badrish Adiga H R <badrish.adigahr at gmail.com>
---
 src/pae/ieee802_1x_kay.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 1d6d9a9..e81ae0c 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
                ieee802_1x_cp_connect_authenticated(kay->cp);
                ieee802_1x_cp_sm_step(kay->cp);
                wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
-               participant->to_use_sak = TRUE;
+               participant->to_use_sak = FALSE;
                return 0;
        }

@@ -2377,6 +2377,12 @@ static void ieee802_1x_participant_timer(void
*eloop_ctx, void *timeout_ctx)
                        participant->advised_capability =
                                MACSEC_CAP_NOT_IMPLEMENTED;
                        participant->to_use_sak = FALSE;
+                       participant->ltx = FALSE;
+                       participant->lrx = FALSE;
+                       participant->otx = FALSE;
+                       participant->orx = FALSE;
+                       participant->is_key_server = FALSE;
+                       participant->is_elected = FALSE;
                        kay->authenticated = TRUE;
                        kay->secured = FALSE;
                        kay->failed = FALSE;
--
2.6.1.133.gf5b6079



More information about the Hostap mailing list