[PATCH] mka: Fix for incorrect update of participant->to_use_sak

Badrish Adiga H R badrish.adigahr at gmail.com
Sun Feb 5 22:36:48 PST 2017


A kind reminder to review this patch...

regards,
Badrish

On Fri, Jan 6, 2017 at 5:47 PM, Badrish Adiga H R
<badrish.adigahr at gmail.com> wrote:
> From: Badrish Adiga H R <badrish.adigahr at gmail.com>
>
> API ieee802_1x_mka_decode_dist_sak_body wrongly puts
> participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
> length 0 is received; In MACsec PSK mode, this stale incorrect value can
> create problems, while re-establishing CA. In MACsec PSK mode, CA goes
> down if interface goes down and ideally we should be able to re-establish
> the CA once interface comes up.
>
> Signed-off-by: Badrish Adiga H R <badrish.adigahr at gmail.com>
> ---
>  src/pae/ieee802_1x_kay.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
> index 1004b32..79a6878 100644
> --- a/src/pae/ieee802_1x_kay.c
> +++ b/src/pae/ieee802_1x_kay.c
> @@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
>                 ieee802_1x_cp_connect_authenticated(kay->cp);
>                 ieee802_1x_cp_sm_step(kay->cp);
>                 wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
> -               participant->to_use_sak = TRUE;
> +               participant->to_use_sak = FALSE;
>                 return 0;
>         }
>
> --
> 2.6.1.133.gf5b6079



More information about the Hostap mailing list