EAP-SIM/AKA server: Fix re-authentication not to update pseudonym

AT_NEXT_PSEUDONYM is supposed to be included only in the Challenge
messages, not in the Re-authentication messages. This attribute was
incorrectly included in the Re-authentication messages and could have
been used to update the pseudonym state on the server without the peer
updating its state.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
This commit is contained in:
Jouni Malinen 2012-02-16 23:27:01 +02:00
parent 05c15c897d
commit 0047c047fc
2 changed files with 14 additions and 14 deletions

View File

@ -292,8 +292,13 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
const u8 *nonce_s) const u8 *nonce_s)
{ {
os_free(data->next_pseudonym); os_free(data->next_pseudonym);
data->next_pseudonym = if (nonce_s == NULL) {
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1); data->next_pseudonym =
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1);
} else {
/* Do not update pseudonym during re-authentication */
data->next_pseudonym = NULL;
}
os_free(data->next_reauth_id); os_free(data->next_reauth_id);
if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) { if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
data->next_reauth_id = data->next_reauth_id =
@ -1017,11 +1022,6 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
identity_len = id2_len; identity_len = id2_len;
} }
if (data->next_pseudonym) {
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
identity_len, data->next_pseudonym);
data->next_pseudonym = NULL;
}
if (data->next_reauth_id) { if (data->next_reauth_id) {
if (data->eap_method == EAP_TYPE_AKA_PRIME) { if (data->eap_method == EAP_TYPE_AKA_PRIME) {
#ifdef EAP_SERVER_AKA_PRIME #ifdef EAP_SERVER_AKA_PRIME

View File

@ -131,8 +131,13 @@ static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data,
const u8 *nonce_s) const u8 *nonce_s)
{ {
os_free(data->next_pseudonym); os_free(data->next_pseudonym);
data->next_pseudonym = if (nonce_s == NULL) {
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 0); data->next_pseudonym =
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 0);
} else {
/* Do not update pseudonym during re-authentication */
data->next_pseudonym = NULL;
}
os_free(data->next_reauth_id); os_free(data->next_reauth_id);
if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) { if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
data->next_reauth_id = data->next_reauth_id =
@ -616,11 +621,6 @@ static void eap_sim_process_reauth(struct eap_sm *sm,
identity_len = id2_len; identity_len = id2_len;
} }
if (data->next_pseudonym) {
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity,
identity_len, data->next_pseudonym);
data->next_pseudonym = NULL;
}
if (data->next_reauth_id) { if (data->next_reauth_id) {
eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity, eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity,
identity_len, data->next_reauth_id, identity_len, data->next_reauth_id,