1. API ieee802_1x_mka_decode_dist_sak_body wrongly puts
participant->to_use_sak to TRUE, if invalid DIstributed SAK Parameter
Set is received
2. when number of live peers become 0, the flags such lrx, ltx, orx,
otx etc. needs to be cleared. In MACsec PSK mode, these stale values
create problems, while re-establishing CA...
Signed-off-by: Badrish Adiga H R <badrish.adigahr@xxxxxxxxx>
---
src/pae/ieee802_1x_kay.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 1d6d9a9..e81ae0c 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
ieee802_1x_cp_connect_authenticated(kay->cp);
ieee802_1x_cp_sm_step(kay->cp);
wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
- participant->to_use_sak = TRUE;
+ participant->to_use_sak = FALSE;
return 0;
}
@@ -2377,6 +2377,12 @@ static void ieee802_1x_participant_timer(void
*eloop_ctx, void *timeout_ctx)
participant->advised_capability =
MACSEC_CAP_NOT_IMPLEMENTED;
participant->to_use_sak = FALSE;
+ participant->ltx = FALSE;
+ participant->lrx = FALSE;
+ participant->otx = FALSE;
+ participant->orx = FALSE;
+ participant->is_key_server = FALSE;
+ participant->is_elected = FALSE;
kay->authenticated = TRUE;
kay->secured = FALSE;
kay->failed = FALSE;
--
2.6.1.133.gf5b6079
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
