mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
EAP-SIM/AKA server: Fix re-authentication not to update pseudonym
AT_NEXT_PSEUDONYM is supposed to be included only in the Challenge messages, not in the Re-authentication messages. This attribute was incorrectly included in the Re-authentication messages and could have been used to update the pseudonym state on the server without the peer updating its state. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
This commit is contained in:
parent
05c15c897d
commit
0047c047fc
@ -292,8 +292,13 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
|
|||||||
const u8 *nonce_s)
|
const u8 *nonce_s)
|
||||||
{
|
{
|
||||||
os_free(data->next_pseudonym);
|
os_free(data->next_pseudonym);
|
||||||
data->next_pseudonym =
|
if (nonce_s == NULL) {
|
||||||
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1);
|
data->next_pseudonym =
|
||||||
|
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1);
|
||||||
|
} else {
|
||||||
|
/* Do not update pseudonym during re-authentication */
|
||||||
|
data->next_pseudonym = NULL;
|
||||||
|
}
|
||||||
os_free(data->next_reauth_id);
|
os_free(data->next_reauth_id);
|
||||||
if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
|
if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
|
||||||
data->next_reauth_id =
|
data->next_reauth_id =
|
||||||
@ -1017,11 +1022,6 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
|
|||||||
identity_len = id2_len;
|
identity_len = id2_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->next_pseudonym) {
|
|
||||||
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
|
|
||||||
identity_len, data->next_pseudonym);
|
|
||||||
data->next_pseudonym = NULL;
|
|
||||||
}
|
|
||||||
if (data->next_reauth_id) {
|
if (data->next_reauth_id) {
|
||||||
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
|
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
|
||||||
#ifdef EAP_SERVER_AKA_PRIME
|
#ifdef EAP_SERVER_AKA_PRIME
|
||||||
|
@ -131,8 +131,13 @@ static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data,
|
|||||||
const u8 *nonce_s)
|
const u8 *nonce_s)
|
||||||
{
|
{
|
||||||
os_free(data->next_pseudonym);
|
os_free(data->next_pseudonym);
|
||||||
data->next_pseudonym =
|
if (nonce_s == NULL) {
|
||||||
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 0);
|
data->next_pseudonym =
|
||||||
|
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 0);
|
||||||
|
} else {
|
||||||
|
/* Do not update pseudonym during re-authentication */
|
||||||
|
data->next_pseudonym = NULL;
|
||||||
|
}
|
||||||
os_free(data->next_reauth_id);
|
os_free(data->next_reauth_id);
|
||||||
if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
|
if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
|
||||||
data->next_reauth_id =
|
data->next_reauth_id =
|
||||||
@ -616,11 +621,6 @@ static void eap_sim_process_reauth(struct eap_sm *sm,
|
|||||||
identity_len = id2_len;
|
identity_len = id2_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data->next_pseudonym) {
|
|
||||||
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
|
|
||||||
identity_len, data->next_pseudonym);
|
|
||||||
data->next_pseudonym = NULL;
|
|
||||||
}
|
|
||||||
if (data->next_reauth_id) {
|
if (data->next_reauth_id) {
|
||||||
eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
|
eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
|
||||||
identity_len, data->next_reauth_id,
|
identity_len, data->next_reauth_id,
|
||||||
|
Loading…
Reference in New Issue
Block a user