eap: enforce max identity lengths

EAP identities are recommended to follow RFC 4282 (The Network Access
Identifier). This RFC recommends a maximum NAI length of 253 octets.
It also mentions that RADIUS is only able to support NAIs of 253
octets.

Because of this, IWD should not allow EAP identities larger than 253
bytes. This change adds a check in eap_load_settings to verify the
identity does not exceed this limit.
James Prestwood 2019-04-08 14:01:58 -07:00 committed by Denis Kenzior
parent 4ea6523b19
commit 875c6f27e7
1 changed files with 13 additions and 0 deletions

@ -546,6 +546,19 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
eap->identity = l_strdup(eap->method->get_identity(eap));
}
/*
* RFC 4282 Section 2.2 - NAI Length Considerations
*
* Devices handling NAIs MUST support an NAI length of at least 72
* octets. Support for an NAI length of 253 octets is RECOMMENDED.
* ...
* RADIUS is unable to support NAI lengths beyond 253 octets
*/
if (strlen(eap->identity) > 253) {
l_error("Identity is too long");
goto err;
}
return true;
err:
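
Review bot: the added strlen(eap->identity) check dereferences eap->identity without a NULL test, and the context just above it only assigns the field inside a conditional block, from l_strdup() of whatever get_identity() returns. If either path can leave identity NULL at this point, the length check becomes a crash on load instead of a clean failure, so consider guarding it, e.g. "if (eap->identity && strlen(eap->identity) > 253)", or rejecting a NULL identity explicitly before the check. Two smaller points on the same lines: the literal 253 would read better as a named constant next to the RFC 4282 comment, so the limit is defined in one place, and the l_error() text would be more useful in logs if it included the actual length and the limit.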