From 16739cb4e61150712be961ccca1390c586a49631 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Thu, 23 Jun 2022 16:20:28 -0500
Subject: [PATCH] eap: Fix EAP-Success handling

EAP-Success might come in with an identifier that is incremented by 1 from the last Response packet. Since identifier field is a byte, the value might overflow (from 255 -> 0.) This overflow isn't handled properly resulting in EAP-Success/Failure packets with a 0 identifier due to overflow being erroneously ignored. Fix that.
---
 src/eap.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/eap.c b/src/eap.c
index beb106c4..6f523f2f 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -588,8 +588,11 @@ void eap_rx_packet(struct eap_state *eap, const uint8_t *pkt, size_t len)
 * the Success and Failure packets. In order to support
 * interoperability with these products we validate id against
 * eap->last_id and its incremented value.
+ *
+ * Note: Since last_id is stored as an int and id value is a
+ * byte, we need to support overflow properly.
 */
- if (id != eap->last_id && id != eap->last_id + 1)
+ if (id != eap->last_id && id != (eap->last_id + 1) % 256)
 return;
 
 if (eap_len != 4)
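Review bot: The new comparison `id != (eap->last_id + 1) % 256` is a correct wrap check only while `last_id` holds a value in 0..255, and nothing in the hunk shows that being guaranteed. The added comment says `last_id` is stored as an int, presumably so it can hold an out-of-range "no Request seen yet" value; if that value is -1, the expression evaluates to 0 and a Success/Failure with identifier 0 passes this filter before any Request has been answered. EAP Success and Failure packets carry no integrity protection of their own, so I would make that state explicit with `if (eap->last_id < 0) return;` ahead of the comparison, and write the wrap as `(uint8_t)(eap->last_id + 1)` so the one-byte arithmetic is stated rather than implied by a bare 256. `eap_rx_packet` starts and continues outside the hunk, so an earlier guard may already cover this; a unit test for the 255 -> 0 case would pin the fix either way.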