[PATCH] mka: Fix for incorrect update of participant->to_use_sak
Badrish Adiga H R
badrish.adigahr at gmail.com
Fri Jan 6 04:17:51 PST 2017
From: Badrish Adiga H R <badrish.adigahr at gmail.com>
API ieee802_1x_mka_decode_dist_sak_body wrongly puts
participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
length 0 is received; In MACsec PSK mode, this stale incorrect value can
create problems, while re-establishing CA. In MACsec PSK mode, CA goes
down if interface goes down and ideally we should be able to re-establish
the CA once interface comes up.
Signed-off-by: Badrish Adiga H R <badrish.adigahr at gmail.com>
---
src/pae/ieee802_1x_kay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 1004b32..79a6878 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
ieee802_1x_cp_connect_authenticated(kay->cp);
ieee802_1x_cp_sm_step(kay->cp);
wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
- participant->to_use_sak = TRUE;
+ participant->to_use_sak = FALSE;
return 0;
}
--
2.6.1.133.gf5b6079
More information about the Hostap
mailing list