From 626bc1fac2a671c98baaadda1c7147d3dc0fc95a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 29 Dec 2018 01:27:22 +0200 Subject: [PATCH] mka: Stop trying to generate and distribute new SAK when not key server It was possible for a participant to first be elected as a key server and schedule a new SAK to be generated and distributed just to be followed by another participant being elected as the key server. That did not stop the participant that disabled key server functionality to stop generating the new SAK and then trying to distribute it. That is not correct behavior, so make these steps conditional on the participant still being a key server when going through the timer. Signed-off-by: Jouni Malinen --- src/pae/ieee802_1x_kay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 1d09e0b57..4c2e70a16 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -1528,7 +1528,8 @@ static Boolean ieee802_1x_mka_dist_sak_body_present( struct ieee802_1x_mka_participant *participant) { - return participant->to_dist_sak && participant->new_key; + return participant->is_key_server && participant->to_dist_sak && + participant->new_key; } @@ -2584,7 +2585,7 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx) } } - if (participant->new_sak) { + if (participant->new_sak && participant->is_key_server) { if (!ieee802_1x_kay_generate_new_sak(participant)) participant->to_dist_sak = TRUE;