[PATCH 07/15] mka: Detect duplicate MAC addresses during key server election

From: Mike Siedzik <msiedzik@xxxxxxxxxxxxxxxxxxx>

In the unlikely event the local KaY and the elected peer have the same
actor priority as well as the same MAC address, log a warning message
and do not elect a key server.  Resolution is for the network administrator
to reconfigure the MAC address.

Signed-off-by: Michael Siedzik <msiedzik@xxxxxxxxxxxxxxxxxxx>
---
 src/pae/ieee802_1x_kay.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 70fda1f2d..0c3101cd8 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2091,6 +2091,7 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
        struct ieee802_1x_kay_peer *key_server = NULL;
        struct ieee802_1x_kay *kay = participant->kay;
        Boolean i_is_key_server;
+       int priority_comparison;

        if (participant->is_obliged_key_server) {
                participant->new_sak = TRUE;
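
Review bot: priority_comparison is declared at function scope here, but the only use visible in this patch is inside the inner block of the next hunk that fills in tmp. Declaring it in that block would keep its lifetime next to the single compare_priorities() call it stores.
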
@@ -2121,8 +2122,14 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)

                tmp.key_server_priority = kay->actor_priority;
                os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
-               if (compare_priorities(&tmp, key_server) < 0)
+               priority_comparison = compare_priorities(&tmp, key_server);
+               if (priority_comparison < 0) {
                        i_is_key_server = TRUE;
+               } else if (priority_comparison == 0) {
+                       wpa_printf(MSG_WARNING,
+                                  "KaY: Cannot elect key server between me and peer, duplicate MAC detected");
+                       key_server = NULL;
+               }
        } else if (participant->can_be_key_server) {
                i_is_key_server = TRUE;
        }
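
Review bot: in the new "priority_comparison == 0" branch, key_server is set to NULL while i_is_key_server is left at whatever value it held before the comparison, and the code that consumes both is outside this hunk. Please confirm that the rest of the function treats key_server == NULL with i_is_key_server unset as "no key server" and clears any previously elected state rather than keeping stale values, and say so in a comment at this branch. The warning would also be more useful to the administrator the commit message refers to if it printed the conflicting address taken from kay->actor_sci and the shared priority. The text says "duplicate MAC" although the value copied into tmp.sci is the whole SCI, so "duplicate SCI" may be the more accurate wording. If this function runs on every received MKPDU, consider logging only on the first detection so a persistent duplicate does not flood the log.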
--
2.11.1

