[3/5] mka: Clear out old/latest key values on CHANGE

Message ID a7b95025a44f6fc853642e900fa6bf18aa9e61b7.1566876816.git.Thomas.Winter@alliedtelesis.co.nz
State Accepted
Series
  • mka: Correct the interpretation of CP and PN exhaustion

Commit Message

Thomas Winter Aug. 27, 2019, 3:55 a.m. UTC
The associated SAs have been deleted and the key
server has changed so there's no point in keeping
the key values.

Note that this isn't specified in the standard.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
---
 src/pae/ieee802_1x_cp.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

Patch

diff --git a/src/pae/ieee802_1x_cp.c b/src/pae/ieee802_1x_cp.c
index a19f07518..7b7cfde2c 100644
--- a/src/pae/ieee802_1x_cp.c
+++ b/src/pae/ieee802_1x_cp.c
@@ -141,6 +141,24 @@  SM_STATE(CP, CHANGE)
 		ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
 	if (sm->oki)
 		ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
+	/* The standard doesn't say it but we should clear out the latest
+	 * and old key values. Why would we keep advertising them if
+	 * they've been deleted and the key server has been changed?
+	 */
+	os_free(sm->oki);
+	sm->oki = NULL;
+	sm->otx = FALSE;
+	sm->orx = FALSE;
+	sm->oan = 0;
+	ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+				       sm->otx, sm->orx);
+	os_free(sm->lki);
+	sm->lki = NULL;
+	sm->lrx = FALSE;
+	sm->ltx = FALSE;
+	sm->lan = 0;
+	ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+					  sm->ltx, sm->lrx);
 }
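Review bot: Both setter calls now receive a NULL key identifier, because `sm->oki` and `sm->lki` are set to NULL just before `ieee802_1x_kay_set_old_sa_attr()` and `ieee802_1x_kay_set_latest_sa_attr()` are called, and their results are discarded. This relies on the KaY side treating NULL as "clear", which is not visible in this hunk and is worth confirming. If either call can fail, the CP state machine would hold cleared values while the KaY might keep advertising the deleted KIs, which is the condition the commit sets out to remove; consider at least logging it, e.g. `if (ieee802_1x_kay_set_old_sa_attr(sm->kay, NULL, 0, FALSE, FALSE) < 0) wpa_printf(MSG_DEBUG, "CP: failed to clear old SA attributes");`. The unconditional `os_free()` calls also assume nothing else still holds the `lki`/`oki` pointers after `ieee802_1x_kay_delete_sas()`, so a one-line comment stating that the state machine owns them would help. The body of SM_STATE(CP, CHANGE) begins outside the hunk.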