[PATCH] mka: Fix for incorrect update of participant->to_use_sak
Badrish Adiga H R
badrish.adigahr at gmail.com
Sun Feb 5 22:36:48 PST 2017
A kind reminder to review this patch...
regards,
Badrish
On Fri, Jan 6, 2017 at 5:47 PM, Badrish Adiga H R
<badrish.adigahr at gmail.com> wrote:
> From: Badrish Adiga H R <badrish.adigahr at gmail.com>
>
> API ieee802_1x_mka_decode_dist_sak_body wrongly puts
> participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
> length 0 is received; In MACsec PSK mode, this stale incorrect value can
> create problems, while re-establishing CA. In MACsec PSK mode, CA goes
> down if interface goes down and ideally we should be able to re-establish
> the CA once interface comes up.
>
> Signed-off-by: Badrish Adiga H R <badrish.adigahr at gmail.com>
> ---
> src/pae/ieee802_1x_kay.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
> index 1004b32..79a6878 100644
> --- a/src/pae/ieee802_1x_kay.c
> +++ b/src/pae/ieee802_1x_kay.c
> @@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
> ieee802_1x_cp_connect_authenticated(kay->cp);
> ieee802_1x_cp_sm_step(kay->cp);
> wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
> - participant->to_use_sak = TRUE;
> + participant->to_use_sak = FALSE;
> return 0;
> }
>
> --
> 2.6.1.133.gf5b6079
More information about the Hostap
mailing list