eap: enforce max identity lengths

EAP identites are recommended to follow RFC 4282 (The Network Access Identifier). This RFC recommends a maximum NAI length of 253 octets. It also mentions that RADIUS is only able to support NAIs of 253 octets. Because of this, IWD should not allow EAP identities larger than 253 bytes. This change adds a check in eap_load_settings to verify the identity does not exceed this limit.
2024-11-26 10:39:23 +01:00 · 2019-04-08 14:01:58 -07:00 · 2019-04-08 14:01:58 -07:00 · 875c6f27e7
commit 875c6f27e7
parent 4ea6523b19
1 changed files with 13 additions and 0 deletions
--- a/src/eap.c
+++ b/src/eap.c
@ -546,6 +546,19 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
 		eap->identity = l_strdup(eap->method->get_identity(eap));
 	}

+	/*
+	 * RFC 4282 Section 2.2 - NAI Length Considerations
+	 *
+	 * Devices handling NAIs MUST support an NAI length of at least 72
+	 * octets. Support for an NAI length of 253 octets is RECOMMENDED.
+	 * ...
+	 * RADIUS is unable to support NAI lengths beyond 253 octets
+	 */
+	if (strlen(eap->identity) > 253) {
+		l_error("Identity is too long");
+		goto err;
+	}
+
 	return true;

 err: