Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

mka: Fix an incorrect update of participant->to_use_sak

API ieee802_1x_mka_decode_dist_sak_body() wrongly puts
participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
length 0 is received. In MACsec PSK mode, this stale incorrect value can
create problems while re-establishing CA. In MACsec PSK mode, CA goes
down if interface goes down and ideally we should be able to
re-establish the CA once interface comes up.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
Badrish Adiga H R 8 years ago
parent
00e0f0b010
commit
7faf403f9f
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/pae/ieee802_1x_kay.c

+ 1 - 1
src/pae/ieee802_1x_kay.c
View File 

@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
 
 		ieee802_1x_cp_connect_authenticated(kay->cp);
 
 		ieee802_1x_cp_sm_step(kay->cp);
 
 		wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
 
-		participant->to_use_sak = TRUE;
 
+		participant->to_use_sak = FALSE;
 
 		return 0;
 
 	}