mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-31 23:42:52 +01:00
eap-ttls: Handle redundant L flags
Some of the TTLS server implementations set the L flag in the fragment packets other than the first one. To stay interoperable with such devices, iwd is relaxing the L bit check.
This commit is contained in:
parent
76c8fd9a2f
commit
7699c8ab1e
@ -443,6 +443,8 @@ static void eap_ttls_free(struct eap_state *eap)
|
|||||||
#define EAP_TTLS_FLAG_S (1 << 5)
|
#define EAP_TTLS_FLAG_S (1 << 5)
|
||||||
#define EAP_TTLS_FLAG_MASK \
|
#define EAP_TTLS_FLAG_MASK \
|
||||||
(EAP_TTLS_FLAG_L | EAP_TTLS_FLAG_M | EAP_TTLS_FLAG_S)
|
(EAP_TTLS_FLAG_L | EAP_TTLS_FLAG_M | EAP_TTLS_FLAG_S)
|
||||||
|
#define EAP_TTLS_FLAG_LM_MASK \
|
||||||
|
(EAP_TTLS_FLAG_L | EAP_TTLS_FLAG_M)
|
||||||
|
|
||||||
struct phase2_credentials {
|
struct phase2_credentials {
|
||||||
char *username;
|
char *username;
|
||||||
@ -912,8 +914,15 @@ static void eap_ttls_handle_request(struct eap_state *eap,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Sanity check that first fragmented request has L flag set */
|
||||||
|
if ((flags & EAP_TTLS_FLAG_LM_MASK) == EAP_TTLS_FLAG_M &&
|
||||||
|
!ttls->rx_pkt_buf) {
|
||||||
|
l_error("EAP-TTLS request 1st fragment with no length");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
if (flags & EAP_TTLS_FLAG_L) {
|
if (flags & EAP_TTLS_FLAG_L) {
|
||||||
if (len < 7) {
|
if (len < 4) {
|
||||||
l_error("EAP-TTLS request with L flag too short");
|
l_error("EAP-TTLS request with L flag too short");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -922,35 +931,31 @@ static void eap_ttls_handle_request(struct eap_state *eap,
|
|||||||
pkt += 4;
|
pkt += 4;
|
||||||
len -= 4;
|
len -= 4;
|
||||||
|
|
||||||
if (ttls->rx_pkt_buf) {
|
if (flags & EAP_TTLS_FLAG_M) {
|
||||||
l_error("EAP-TTLS request L flag invalid");
|
if (ttls->rx_pkt_buf)
|
||||||
|
goto add_to_pkt_buf;
|
||||||
l_free(ttls->rx_pkt_buf);
|
|
||||||
ttls->rx_pkt_buf = NULL;
|
|
||||||
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(flags & EAP_TTLS_FLAG_M) && total_len != len) {
|
|
||||||
l_error("EAP-TTLS request Length value invalid");
|
|
||||||
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!ttls->rx_pkt_buf && (flags & EAP_TTLS_FLAG_M)) {
|
|
||||||
if (!(flags & EAP_TTLS_FLAG_L)) {
|
|
||||||
l_error("EAP-TTLS request 1st fragment with no length");
|
|
||||||
|
|
||||||
|
if (total_len > 512*1024) {
|
||||||
|
l_error("Maximum message size exceeded");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
ttls->rx_pkt_buf = l_malloc(total_len);
|
ttls->rx_pkt_buf = l_malloc(total_len);
|
||||||
ttls->rx_pkt_len = total_len;
|
ttls->rx_pkt_len = total_len;
|
||||||
ttls->rx_pkt_received = 0;
|
ttls->rx_pkt_received = 0;
|
||||||
|
goto add_to_pkt_buf;
|
||||||
|
} else if (total_len != len && !ttls->rx_pkt_buf) {
|
||||||
|
/*
|
||||||
|
* Sanity check length for unfragmented request
|
||||||
|
* with L flag set
|
||||||
|
*/
|
||||||
|
l_error("EAP-TTLS request Length value invalid");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ttls->rx_pkt_buf) {
|
if (ttls->rx_pkt_buf) {
|
||||||
|
add_to_pkt_buf:
|
||||||
if (
|
if (
|
||||||
((flags & EAP_TTLS_FLAG_M) &&
|
((flags & EAP_TTLS_FLAG_M) &&
|
||||||
ttls->rx_pkt_received + len >=
|
ttls->rx_pkt_received + len >=
|
||||||
|
Loading…
Reference in New Issue
Block a user