Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

eap: Fix EAP-Success handling 

EAP-Success might come in with an identifier that is incremented by 1
from the last Response packet.  Since identifier field is a byte, the
value might overflow (from 255 -> 0.)  This overflow isn't handled
properly resulting in EAP-Success/Failure packets with a 0 identifier
due to overflow being erroneously ignored.  Fix that.
This commit is contained in:
Denis Kenzior 2022-06-23 16:20:28 -05:00
parent d7136483c3
commit 16739cb4e6
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/eap.c
View File

@ -588,8 +588,11 @@ void eap_rx_packet(struct eap_state *eap, const uint8_t *pkt, size_t len)
* the Success and Failure packets. In order to support
* interoperability with these products we validate id against
* eap->last_id and its incremented value.
*
* Note: Since last_id is stored as an int and id value is a
* byte, we need to support overflow properly.
*/
if (id != eap->last_id && id != eap->last_id + 1)
if (id != eap->last_id && id != (eap->last_id + 1) % 256)
return;
if (eap_len != 4)