jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

mka: Detect duplicate MAC addresses during key server election

Browse source 
In the unlikely event the local KaY and the elected peer have the same
actor priority as well as the same MAC address, log a warning message
and do not elect a key server. Resolution is for network administrator
to reconfigure MAC address.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
This commit is contained in:
Mike Siedzik 2018-02-20 14:28:37 -05:00 committed by Jouni Malinen
parent 5762855abd
commit 77977b3d5d
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/pae/ieee802_1x_kay.c
View file

@ -2093,6 +2093,7 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
struct ieee802_1x_kay_peer *key_server = NULL;
struct ieee802_1x_kay *kay = participant->kay;
Boolean i_is_key_server;
int priority_comparison;
if (participant->is_obliged_key_server) {
participant->new_sak = TRUE;
@ -2123,8 +2124,14 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
tmp.key_server_priority = kay->actor_priority;
os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
if (compare_priorities(&tmp, key_server) < 0)
priority_comparison = compare_priorities(&tmp, key_server);
if (priority_comparison < 0) {
i_is_key_server = TRUE;
} else if (priority_comparison == 0) {
wpa_printf(MSG_WARNING,
"KaY: Cannot elect key server between me and peer, duplicate MAC detected");
key_server = NULL;
}
} else if (participant->can_be_key_server) {
i_is_key_server = TRUE;
}