From: Badrish Adiga H R <badrish.adigahr@gmail.com>
Date: Fri, 6 Jan 2017 12:17:51 +0000 (+0530)
Subject: mka: Fix an incorrect update of participant->to_use_sak
X-Git-Tag: hostap_2_7~1664
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7faf403f9fb39fea9a0545025cc284ef05e022a7;p=thirdparty%2Fhostap.git

mka: Fix an incorrect update of participant->to_use_sak

API ieee802_1x_mka_decode_dist_sak_body() wrongly puts
participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
length 0 is received. In MACsec PSK mode, this stale incorrect value can
create problems while re-establishing CA. In MACsec PSK mode, CA goes
down if interface goes down and ideally we should be able to
re-establish the CA once interface comes up.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
---

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 1004b32dc..79a6878d3 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1559,7 +1559,7 @@ ieee802_1x_mka_decode_dist_sak_body(
 		ieee802_1x_cp_connect_authenticated(kay->cp);
 		ieee802_1x_cp_sm_step(kay->cp);
 		wpa_printf(MSG_WARNING, "KaY:The Key server advise no MACsec");
-		participant->to_use_sak = TRUE;
+		participant->to_use_sak = FALSE;
 		return 0;
 	}