authorJouni Malinen <j@w1.fi>2018-12-27 22:47:53 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-29 09:05:39 (GMT)
commit27859f5203c6ebb9a3bb2c610e8ae1416e62cc5e (patch)
tree46ee09848900e96f100ae3596491837eb0a292b8 /src
parent4d91d4a7cce24e927fce2e59e51994e0a0ffeff7 (diff)
mka: Fix deleteSAs clearing of principal->new_key
This pointer needs to be cleared when the matching SAK is being removed from the SAK list. The previous implementation was doing something pretty strange in the loop by clearing the pointer for any non-matching key that happened to be iterated through before finding the matching key. This could probably result in incorrect behavior, but not clearing the pointer for the matching key could do more harm by causing freed memory to be referenced. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 7d6d07c..6c07b2c 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1536,6 +1536,11 @@ ieee802_1x_mka_encode_dist_sak_body(
}
sak = participant->new_key;
+ if (!sak) {
+ wpa_printf(MSG_DEBUG,
+ "KaY: No SAK available to build Distributed SAK parameter set");
+ return -1;
+ }
body->confid_offset = sak->confidentiality_offset;
body->dan = sak->an;
body->kn = host_to_be32(sak->key_identifier.kn);
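Review bot: The new `return -1` at `if (!sak)` comes after whatever setup the function performs before this hunk, which starts outside the visible lines. If the parameter set header has already been appended to the output buffer by then (not visible here), callers must discard the whole frame on a negative return rather than transmit a truncated Distributed SAK body. The guard itself is the right defence against dereferencing a NULL `participant->new_key`, and a one-line comment would record why that state is reachable, e.g. `/* new_key is cleared when its SAK is removed from sak_list */`. Since this condition probably indicates inconsistent key state, consider whether `MSG_DEBUG` is visible enough for someone investigating MKA failures.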
@@ -2847,12 +2852,12 @@ int ieee802_1x_kay_delete_sas(struct ieee802_1x_kay *kay,
dl_list_for_each_safe(sa_key, pre_key, &principal->sak_list,
struct data_key, list) {
if (is_ki_equal(&sa_key->key_identifier, ki)) {
+ if (principal->new_key == sa_key)
+ principal->new_key = NULL;
dl_list_del(&sa_key->list);
ieee802_1x_kay_deinit_data_key(sa_key);
break;
}
- if (principal->new_key == sa_key)
- principal->new_key = NULL;
}
return 0;
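Review bot: The invariant that `principal->new_key` never outlives its entry in `principal->sak_list` is enforced only at this removal site. Any other path that unlinks or deinitializes a `struct data_key` (outside this hunk) would need the same clearing to avoid a dangling pointer. A comment above the new check would make the ordering requirement explicit: `/* Drop the cached pointer before the key is deinitialized so it cannot reference freed memory */`. The `break` also stops at the first entry matching `ki`, which is only sufficient if key identifiers are unique within the list; the visible lines do not establish that. The function body starts outside the hunk.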