From: Thomas Winter Date: Tue, 27 Aug 2019 03:55:36 +0000 (+1200) Subject: mka: Clear out old/latest key values on CHANGE in CP state machine X-Git-Tag: hostap_2_10~2350 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=547ba732d37c26823d2b2a87957c784b0931335f;p=thirdparty%2Fhostap.git mka: Clear out old/latest key values on CHANGE in CP state machine The associated SAs have been deleted and the key server has changed so there's no point in keeping the key values. Note that this isn't specified in IEEE Std 802.1X-2010. Signed-off-by: Thomas Winter --- diff --git a/src/pae/ieee802_1x_cp.c b/src/pae/ieee802_1x_cp.c index 27c6f0c5f..69e57587d 100644 --- a/src/pae/ieee802_1x_cp.c +++ b/src/pae/ieee802_1x_cp.c @@ -141,6 +141,24 @@ SM_STATE(CP, CHANGE) ieee802_1x_kay_delete_sas(sm->kay, sm->lki); if (sm->oki) ieee802_1x_kay_delete_sas(sm->kay, sm->oki); + /* The standard doesn't say it but we should clear out the latest + * and old key values. Why would we keep advertising them if + * they've been deleted and the key server has been changed? + */ + os_free(sm->oki); + sm->oki = NULL; + sm->otx = FALSE; + sm->orx = FALSE; + sm->oan = 0; + ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan, + sm->otx, sm->orx); + os_free(sm->lki); + sm->lki = NULL; + sm->lrx = FALSE; + sm->ltx = FALSE; + sm->lan = 0; + ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan, + sm->ltx, sm->lrx); }
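Review bot: In the block added to SM_STATE(CP, CHANGE), ieee802_1x_kay_set_old_sa_attr() and ieee802_1x_kay_set_latest_sa_attr() are now called with a key identifier that was set to NULL just before (`sm->oki = NULL;` and `sm->lki = NULL;`). Please confirm that both setters accept a NULL key identifier and clear the advertised value rather than dereferencing it. Their bodies are not visible in this hunk. The new comment would be clearer as a plain statement than as a rhetorical question, and it could name IEEE Std 802.1X-2010, as the commit message does, so the deliberate deviation is easy to trace later. Minor style point: the old-key flags are reset in the order otx, orx while the latest-key flags are reset as lrx, ltx. Using one order in both halves makes them easier to compare.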