diff options
| author | Jouni Malinen <jouni@qca.qualcomm.com> | 2014-10-30 11:43:47 +0200 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2014-11-24 02:12:34 -0800 |
| commit | 497aa9894cf02f626216e9c661b2820ce4593cf3 (patch) | |
| tree | d7effa55b9cfa8d94c8dedcb49c5550d13bfca29 | |
| parent | ebed7570eb40aa0279df25af25b1b75c711b7ef5 (diff) | |
| download | android_external_wpa_supplicant_8-497aa9894cf02f626216e9c661b2820ce4593cf3.tar.gz android_external_wpa_supplicant_8-497aa9894cf02f626216e9c661b2820ce4593cf3.tar.bz2 android_external_wpa_supplicant_8-497aa9894cf02f626216e9c661b2820ce4593cf3.zip | |
MACsec: Fix policy configuration
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.
Change-Id: I5959392657b3ae73a4b4bb1196c03127325dba4e
CRs-fixed: 748991
Git-commit: 43d859271894f83c5de6294685b5919889541bab
Git-repo: git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
| -rw-r--r-- | src/pae/ieee802_1x_kay.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 56c195ab..0f961282 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -3159,7 +3159,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy, kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED; kay->macsec_desired = FALSE; kay->macsec_protect = FALSE; - kay->macsec_validate = FALSE; + kay->macsec_validate = Disabled; kay->macsec_replay_protect = FALSE; kay->macsec_replay_window = 0; kay->macsec_confidentiality = CONFIDENTIALITY_NONE; @@ -3167,7 +3167,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy, kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50; kay->macsec_desired = TRUE; kay->macsec_protect = TRUE; - kay->macsec_validate = TRUE; + kay->macsec_validate = Strict; kay->macsec_replay_protect = FALSE; kay->macsec_replay_window = 0; kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0; |