[PATCH 1/1] macsec: handle missing macsec kernel module

Michael Braun michael-dev at fami-braun.de
Fri Aug 18 10:30:40 PDT 2017

This fixes the following crash:

0. do not modprobe macsec
1. create veth pair
2. run two wpa_supplicant linux_macsec instances on both ends
3. see one instance crash

Successfully initialized wpa_supplicant
macsec_linux: genl resolve failed
macsec_linux: genl resolve failed
macsec_linux: NULL rtnl socket
veth1: Associated with 01:80:c2:00:00:03
veth1: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]
WMM AC: Missing IEs
==9601==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x7f25f6959ec0 sp 0x7ffe0abe9808 bp 0x000000000000 T0)
    #0 0x7f25f6959ebf (/opt/libnl/lib/.libs/libnl-3.so.200+0x12ebf)
    #1 0x7f25f695814f in nl_complete_msg /opt/libnl/lib/nl.c:487
    #2 0x7f25f6958180 in nl_send_auto /opt/libnl/lib/nl.c:518
    #3 0x585930 in nl_send_recv ../src/drivers/driver_macsec_linux.c:558
    #4 0x58a4a2 in macsec_drv_create_receive_sc ../src/drivers/driver_macsec_linux.c:733
    #5 0x4a2038 in wpa_drv_create_receive_sc /home/mbr/hostap/wpa_supplicant/driver_i.h:797
    #6 0x4a2038 in wpas_create_receive_sc /home/mbr/hostap/wpa_supplicant/wpas_kay.c:113
    #7 0x4c26eb in secy_create_receive_sc ../src/pae/ieee802_1x_secy_ops.c:235
    #8 0x4b1703 in ieee802_1x_kay_move_live_peer ../src/pae/ieee802_1x_kay.c:655
    #9 0x4b1703 in ieee802_1x_kay_decode_mkpdu ../src/pae/ieee802_1x_kay.c:2983
    #10 0x4b24e7 in kay_l2_receive ../src/pae/ieee802_1x_kay.c:3089
    #11 0x5e3fec in l2_packet_receive ../src/l2_packet/l2_packet_linux.c:191
    #12 0x44572b in eloop_sock_table_dispatch ../src/utils/eloop.c:595
    #13 0x4485cd in eloop_run ../src/utils/eloop.c:1218
    #14 0x544c88 in wpa_supplicant_run /home/mbr/hostap/wpa_supplicant/wpa_supplicant.c:5905
    #15 0x583a88 in main /home/mbr/hostap/wpa_supplicant/main.c:392
    #16 0x7f25f4c1cb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #17 0x409448 (/home/mbr/hostap/wpa_supplicant/wpa_supplicant+0x409448)

Signed-off-by: Michael Braun <michael-dev at fami-braun.de>
 src/pae/ieee802_1x_kay.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index a919dfe..1ab48d6 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3166,7 +3166,11 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
 	wpa_printf(MSG_DEBUG, "KaY: state machine created");
 	/* Initialize the SecY must be prio to CP, as CP will control SecY */
-	secy_init_macsec(kay);
+	if (secy_init_macsec(kay) < 0) {
+		wpa_printf(MSG_ERROR, "KaY: secy init macsec failed");
+		os_free(kay);
+		return NULL;
+	}
 	wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");

More information about the Hostap mailing list