3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-31 23:42:52 +01:00

eap-ttls: Handle redundant L flags

Some of the TTLS server implementations set the L flag in the fragment
packets other than the first one. To stay interoperable with such devices,
iwd is relaxing the L bit check.
This commit is contained in:
Denis Kenzior 2018-10-30 15:14:11 -05:00
parent 76c8fd9a2f
commit 7699c8ab1e

View File

@ -443,6 +443,8 @@ static void eap_ttls_free(struct eap_state *eap)
#define EAP_TTLS_FLAG_S (1 << 5) #define EAP_TTLS_FLAG_S (1 << 5)
#define EAP_TTLS_FLAG_MASK \ #define EAP_TTLS_FLAG_MASK \
(EAP_TTLS_FLAG_L | EAP_TTLS_FLAG_M | EAP_TTLS_FLAG_S) (EAP_TTLS_FLAG_L | EAP_TTLS_FLAG_M | EAP_TTLS_FLAG_S)
#define EAP_TTLS_FLAG_LM_MASK \
(EAP_TTLS_FLAG_L | EAP_TTLS_FLAG_M)
struct phase2_credentials { struct phase2_credentials {
char *username; char *username;
@ -912,8 +914,15 @@ static void eap_ttls_handle_request(struct eap_state *eap,
goto err; goto err;
} }
/* Sanity check that first fragmented request has L flag set */
if ((flags & EAP_TTLS_FLAG_LM_MASK) == EAP_TTLS_FLAG_M &&
!ttls->rx_pkt_buf) {
l_error("EAP-TTLS request 1st fragment with no length");
goto err;
}
if (flags & EAP_TTLS_FLAG_L) { if (flags & EAP_TTLS_FLAG_L) {
if (len < 7) { if (len < 4) {
l_error("EAP-TTLS request with L flag too short"); l_error("EAP-TTLS request with L flag too short");
goto err; goto err;
} }
@ -922,35 +931,31 @@ static void eap_ttls_handle_request(struct eap_state *eap,
pkt += 4; pkt += 4;
len -= 4; len -= 4;
if (ttls->rx_pkt_buf) { if (flags & EAP_TTLS_FLAG_M) {
l_error("EAP-TTLS request L flag invalid"); if (ttls->rx_pkt_buf)
goto add_to_pkt_buf;
l_free(ttls->rx_pkt_buf);
ttls->rx_pkt_buf = NULL;
goto err;
}
if (!(flags & EAP_TTLS_FLAG_M) && total_len != len) {
l_error("EAP-TTLS request Length value invalid");
goto err;
}
}
if (!ttls->rx_pkt_buf && (flags & EAP_TTLS_FLAG_M)) {
if (!(flags & EAP_TTLS_FLAG_L)) {
l_error("EAP-TTLS request 1st fragment with no length");
if (total_len > 512*1024) {
l_error("Maximum message size exceeded");
goto err; goto err;
} }
ttls->rx_pkt_buf = l_malloc(total_len); ttls->rx_pkt_buf = l_malloc(total_len);
ttls->rx_pkt_len = total_len; ttls->rx_pkt_len = total_len;
ttls->rx_pkt_received = 0; ttls->rx_pkt_received = 0;
goto add_to_pkt_buf;
} else if (total_len != len && !ttls->rx_pkt_buf) {
/*
* Sanity check length for unfragmented request
* with L flag set
*/
l_error("EAP-TTLS request Length value invalid");
goto err;
}
} }
if (ttls->rx_pkt_buf) { if (ttls->rx_pkt_buf) {
add_to_pkt_buf:
if ( if (
((flags & EAP_TTLS_FLAG_M) && ((flags & EAP_TTLS_FLAG_M) &&
ttls->rx_pkt_received + len >= ttls->rx_pkt_received + len >=