mka: Check for errors on create Secure Channel
authorAndrey Kartashev <andrey.kartashev@afconsult.com>
Fri, 2 Nov 2018 18:02:16 +0000 (19:02 +0100)
committerJouni Malinen <j@w1.fi>
Wed, 26 Dec 2018 14:42:25 +0000 (16:42 +0200)
It is possible that the driver fails to create Secure Channel (due to
hardware limitations for example). Add checks of create_*_sc() result
codes and abort procedure in case of failure.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
src/pae/ieee802_1x_kay.c

index afa521e7246edad2b34fa001221b01e2f427f843..dc9a47f3ec4377bd26babd9787381679d01a002f 100644 (file)
@@ -605,9 +605,13 @@ ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
                return NULL;
        }
 
+       if (secy_create_receive_sc(participant->kay, rxsc)) {
+               os_free(rxsc);
+               os_free(peer);
+               return NULL;
+       }
        dl_list_add(&participant->live_peers, &peer->list);
        dl_list_add(&participant->rxsc_list, &rxsc->list);
-       secy_create_receive_sc(participant->kay, rxsc);
 
        wpa_printf(MSG_DEBUG, "KaY: Live peer created");
        ieee802_1x_kay_dump_peer(peer);
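Review bot: The new failure branch in ieee802_1x_kay_create_live_peer frees rxsc and peer and returns NULL without logging anything, while the matching branch in ieee802_1x_kay_move_live_peer prints an error. A driver that refuses the receive SC causes the peer to be dropped, and without a log line that is indistinguishable from the allocation failure just above. Add `wpa_printf(MSG_ERROR, "KaY: Can't create SC, discard peer");` as the first statement of the branch. The `goto fail` added in ieee802_1x_kay_create_mka is silent in the same way and would benefit from a similar message before the jump. The function body starts and ends outside this hunk.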
@@ -665,10 +669,15 @@ ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
        ieee802_1x_kay_dump_peer(peer);
 
        dl_list_del(&peer->list);
+       if (secy_create_receive_sc(participant->kay, rxsc)) {
+               wpa_printf(MSG_ERROR, "KaY: Can't create SC, discard peer");
+               os_free(rxsc);
+               os_free(peer);
+               return NULL;
+       }
        dl_list_add_tail(&participant->live_peers, &peer->list);
 
        dl_list_add(&participant->rxsc_list, &rxsc->list);
-       secy_create_receive_sc(participant->kay, rxsc);
 
        return peer;
 }
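Review bot: When secy_create_receive_sc() fails here, the peer has already been unlinked by `dl_list_del(&peer->list)` and is then freed, so this NULL return means the peer no longer exists on any list. If the function has earlier NULL returns above the hunk that leave the peer on its original list (not visible here), callers cannot tell the two cases apart. Any caller that looked the peer up before the call must not touch that pointer afterwards. Document this at the function header, e.g. `/* Returns NULL on failure; the peer may have been freed, so callers must drop any pointer to it. */`. The function starts outside the hunk.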
@@ -3502,7 +3511,8 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
        secy_cp_control_protect_frames(kay, kay->macsec_protect);
        secy_cp_control_replay(kay, kay->macsec_replay_protect,
                               kay->macsec_replay_window);
-       secy_create_transmit_sc(kay, participant->txsc);
+       if (secy_create_transmit_sc(kay, participant->txsc))
+               goto fail;
 
        /* to derive KEK from CAK and CKN */
        participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
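Review bot: The `fail:` label reached by the new `goto fail` is outside this hunk, so it is not visible whether that path releases participant->txsc as well as participant. Since txsc is passed to secy_create_transmit_sc() it presumably has been allocated by this point, and a fail path that only frees participant would leak it on every driver refusal. Please confirm the label does `os_free(participant->txsc);` before freeing participant. The function starts and ends outside the hunk.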