DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

mka: Add error handling for secy_init_macsec() calls

Browse source 
secy_init_macsec() can fail (if ->macsec_init fails), and
ieee802_1x_kay_init() should handle this and not let MKA run any
further, because nothing is going to work anyway.

On failure, ieee802_1x_kay_init() must deinit its kay, which will free
kay->ctx, so ieee802_1x_kay_init callers (only ieee802_1x_alloc_kay_sm)
must not do it. Before this patch there is a double-free of the ctx
argument when ieee802_1x_kay_deinit() was called.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This commit is contained in:
Sabrina Dubroca 2017-08-22 10:34:19 +02:00 committed by Jouni Malinen
parent 2c66c7d115
commit 7612e65b9b
2 changed files with 16 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
src/pae/ieee802_1x_kay.c
View file

@ -3100,6 +3100,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
kay = os_zalloc(sizeof(*kay)); kay = os_zalloc(sizeof(*kay));
if (!kay) { if (!kay) {
wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__); wpa_printf(MSG_ERROR, "KaY-%s: out of memory", __func__);
os_free(ctx);
return NULL; return NULL;
} }
@ -3134,10 +3135,8 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
dl_list_init(&kay->participant_list); dl_list_init(&kay->participant_list);
if (policy != DO_NOT_SECURE && if (policy != DO_NOT_SECURE &&
secy_get_capability(kay, &kay->macsec_capable) < 0) { secy_get_capability(kay, &kay->macsec_capable) < 0)
os_free(kay); goto error;
return NULL;
}
if (policy == DO_NOT_SECURE || if (policy == DO_NOT_SECURE ||
kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) { kay->macsec_capable == MACSEC_CAP_NOT_IMPLEMENTED) {
@ -3164,16 +3163,17 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
wpa_printf(MSG_DEBUG, "KaY: state machine created"); wpa_printf(MSG_DEBUG, "KaY: state machine created");
/* Initialize the SecY must be prio to CP, as CP will control SecY */ /* Initialize the SecY must be prio to CP, as CP will control SecY */
secy_init_macsec(kay); if (secy_init_macsec(kay) < 0) {
wpa_printf(MSG_DEBUG, "KaY: Could not initialize MACsec");
goto error;
}
wpa_printf(MSG_DEBUG, "KaY: secy init macsec done"); wpa_printf(MSG_DEBUG, "KaY: secy init macsec done");
/* init CP */ /* init CP */
kay->cp = ieee802_1x_cp_sm_init(kay); kay->cp = ieee802_1x_cp_sm_init(kay);
if (kay->cp == NULL) { if (kay->cp == NULL)
ieee802_1x_kay_deinit(kay); goto error;
return NULL;
}
if (policy == DO_NOT_SECURE) { if (policy == DO_NOT_SECURE) {
ieee802_1x_cp_connect_authenticated(kay->cp); ieee802_1x_cp_connect_authenticated(kay->cp);
@ -3184,12 +3184,15 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
if (kay->l2_mka == NULL) { if (kay->l2_mka == NULL) {
wpa_printf(MSG_WARNING, wpa_printf(MSG_WARNING,
"KaY: Failed to initialize L2 packet processing for MKA packet"); "KaY: Failed to initialize L2 packet processing for MKA packet");
ieee802_1x_kay_deinit(kay); goto error;
return NULL;
} }
} }
return kay; return kay;
error:
ieee802_1x_kay_deinit(kay);
return NULL;
} }

5
wpa_supplicant/wpas_kay.c
View file

@ -235,10 +235,9 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port, res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,
ssid->mka_priority, wpa_s->ifname, ssid->mka_priority, wpa_s->ifname,
wpa_s->own_addr); wpa_s->own_addr);
if (res == NULL) { /* ieee802_1x_kay_init() frees kay_ctx on failure */
os_free(kay_ctx); if (res == NULL)
return -1; return -1;
}
wpa_s->kay = res; wpa_s->kay = res;