From 77977b3d5d6013ebab3a91945f284424e390e59a Mon Sep 17 00:00:00 2001
From: Mike Siedzik
Date: Tue, 20 Feb 2018 14:28:37 -0500
Subject: [PATCH] mka: Detect duplicate MAC addresses during key server election

In the unlikely event the local KaY and the elected peer have the same actor priority as well as the same MAC address, log a warning message and do not elect a key server. Resolution is for network administrator to reconfigure MAC address.

Signed-off-by: Michael Siedzik
---
 src/pae/ieee802_1x_kay.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 438cc8a32..0d93b43a7 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2093,6 +2093,7 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
 struct ieee802_1x_kay_peer *key_server = NULL;
 struct ieee802_1x_kay *kay = participant->kay;
 Boolean i_is_key_server;
+ int priority_comparison;
 if (participant->is_obliged_key_server) {
 participant->new_sak = TRUE;
@@ -2123,8 +2124,14 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
 tmp.key_server_priority = kay->actor_priority;
 os_memcpy(&tmp.sci, &kay->actor_sci, sizeof(tmp.sci));
- if (compare_priorities(&tmp, key_server) < 0)
+ priority_comparison = compare_priorities(&tmp, key_server);
+ if (priority_comparison < 0) {
 i_is_key_server = TRUE;
+ } else if (priority_comparison == 0) {
+ wpa_printf(MSG_WARNING,
+ "KaY: Cannot elect key server between me and peer, duplicate MAC detected");
+ key_server = NULL;
+ }
 } else if (participant->can_be_key_server) {
 i_is_key_server = TRUE;
 }
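Review bot: The warning added in the `priority_comparison == 0` branch of the second hunk does not say which peer collided, so an operator who sees it cannot tell which device to reconfigure; printing the peer's address, e.g. `"KaY: Cannot elect key server, peer " MACSTR " has my priority and SCI", MAC2STR(key_server->sci.addr)`, would make it actionable (this assumes the SCI struct exposes the address as `addr`, which is not visible here). The tie is decided by compare_priorities(), whose body is outside the hunk, so "duplicate MAC" is accurate only if it returns 0 solely for an identical priority and SCI. Because the branch now withholds election for as long as a live peer matches the local priority and SCI, the message will probably repeat on every election pass; logging it only when the condition first appears would keep it from flooding the log. The function continues past the hunk, so what the `key_server = NULL` path does to participant state is not visible and deserves a short comment such as `/* Identical priority and SCI: leave the CA without a key server until the address conflict is fixed */`.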