mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-27 02:32:52 +01:00
eap: enforce max identity lengths
EAP identites are recommended to follow RFC 4282 (The Network Access Identifier). This RFC recommends a maximum NAI length of 253 octets. It also mentions that RADIUS is only able to support NAIs of 253 octets. Because of this, IWD should not allow EAP identities larger than 253 bytes. This change adds a check in eap_load_settings to verify the identity does not exceed this limit.
This commit is contained in:
parent
4ea6523b19
commit
875c6f27e7
13
src/eap.c
13
src/eap.c
@ -546,6 +546,19 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
|
||||
eap->identity = l_strdup(eap->method->get_identity(eap));
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC 4282 Section 2.2 - NAI Length Considerations
|
||||
*
|
||||
* Devices handling NAIs MUST support an NAI length of at least 72
|
||||
* octets. Support for an NAI length of 253 octets is RECOMMENDED.
|
||||
* ...
|
||||
* RADIUS is unable to support NAI lengths beyond 253 octets
|
||||
*/
|
||||
if (strlen(eap->identity) > 253) {
|
||||
l_error("Identity is too long");
|
||||
goto err;
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
err:
|
||||
|
Loading…
Reference in New Issue
Block a user