From 875c6f27e75984f3ea541b9f2defa5b6b8220870 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Mon, 8 Apr 2019 14:01:58 -0700
Subject: [PATCH] eap: enforce max identity lengths

EAP identites are recommended to follow RFC 4282 (The Network Access Identifier). This RFC recommends a maximum NAI length of 253 octets. It also mentions that RADIUS is only able to support NAIs of 253 octets. Because of this, IWD should not allow EAP identities larger than 253 bytes. This change adds a check in eap_load_settings to verify the identity does not exceed this limit.
---
 src/eap.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/eap.c b/src/eap.c
index 8c2234e7..5cf5b052 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -546,6 +546,19 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
 eap->identity = l_strdup(eap->method->get_identity(eap));
 }

+ /*
+ * RFC 4282 Section 2.2 - NAI Length Considerations
+ *
+ * Devices handling NAIs MUST support an NAI length of at least 72
+ * octets. Support for an NAI length of 253 octets is RECOMMENDED.
+ * ...
+ * RADIUS is unable to support NAI lengths beyond 253 octets
+ */
+ if (strlen(eap->identity) > 253) {
+ l_error("Identity is too long");
+ goto err;
+ }
+
 return true;

 err:
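Review bot: The new `strlen(eap->identity)` call dereferences the pointer without a NULL check, and the assignment just above it is `l_strdup(eap->method->get_identity(eap))`, which presumably yields NULL when the method has no identity to report; the other branch that sets the identity is outside the hunk and may have the same property. If that can happen, a profile without an identity would crash the daemon while loading settings instead of being handled as before, and guarding the check, `if (eap->identity && strlen(eap->identity) > 253) {`, keeps the old behaviour for that case. The bare `253` would also read better as a named constant next to the RFC 4282 comment, and putting the limit into the `l_error` text would help whoever has to correct the profile. eap_load_settings starts and ends outside the hunk, so the cleanup under `err:` is not visible here.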