[4/8] mka: Check for errors on create Secure Channel

Message ID 20181102180220.20948-4-a.s.kartashev@gmail.com
State New
Headers show
Series
  • [1/8] wpa_debug: Support hexdump_ascii outputting into syslog
Related show

Commit Message

Andrey Kartashev Nov. 2, 2018, 6:02 p.m.
From: Andrey Kartashev <andrey.kartashev@afconsult.com>

It is possible that driver fails to create Secure Channel (due to
hardware limitations for example).
This patch adds check of create_*_sc result code and breaks procedure in
case of fail.
Also this patch fix minor memory leak in ieee802_1x_kay_create_mka() in
case of derive KEK/ICK fail.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
---
 src/pae/ieee802_1x_kay.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

Patch

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index e508b38de..6703531e4 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -601,9 +601,14 @@  ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
 		return NULL;
 	}
 
+	if (secy_create_receive_sc(participant->kay, rxsc))
+	{
+		os_free(rxsc);
+		os_free(peer);
+		return NULL;
+	}
 	dl_list_add(&participant->live_peers, &peer->list);
 	dl_list_add(&participant->rxsc_list, &rxsc->list);
-	secy_create_receive_sc(participant->kay, rxsc);
 
 	wpa_printf(MSG_DEBUG, "KaY: Live peer created");
 	ieee802_1x_kay_dump_peer(peer);
@@ -661,10 +666,16 @@  ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
 	ieee802_1x_kay_dump_peer(peer);
 
 	dl_list_del(&peer->list);
+	if (secy_create_receive_sc(participant->kay, rxsc))
+	{
+		wpa_printf(MSG_ERROR, "KaY: Can't create SC, discard peer");
+		os_free(rxsc);
+		os_free(peer);
+		return NULL;
+	}
 	dl_list_add_tail(&participant->live_peers, &peer->list);
 
 	dl_list_add(&participant->rxsc_list, &rxsc->list);
-	secy_create_receive_sc(participant->kay, rxsc);
 
 	return peer;
 }
@@ -3381,7 +3392,8 @@  ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
 	secy_cp_control_protect_frames(kay, kay->macsec_protect);
 	secy_cp_control_replay(kay, kay->macsec_replay_protect,
 			       kay->macsec_replay_window);
-	secy_create_transmit_sc(kay, participant->txsc);
+	if (secy_create_transmit_sc(kay, participant->txsc))
+		goto fail;
 
 	/* to derive KEK from CAK and CKN */
 	participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;
@@ -3429,6 +3441,7 @@  ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
 	return participant;
 
 fail:
+	os_free(participant->txsc);
 	os_free(participant);
 	return NULL;
 }