Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-18 02:44:03 -05:00
Code Issues Projects Releases Wiki Activity

EAP-TLS/TTLS/PEAP/FAST peer: Stop connection more quickly on local failure

Browse Source 
If there is only zero-length buffer of output data in error case, mark
that as an immediate failure instead of trying to report that
non-existing error report to the server. This allows faster connection
termination in cases where a non-recoverable error occurs in local TLS
processing, e.g., if none of the configured ciphers are available.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-07-28 16:32:27 +03:00
parent bb91243047
commit 3947997dcc
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/eap_peer/eap_tls_common.c
View File

@ -682,12 +682,18 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
if (tls_connection_get_failed(data->ssl_ctx, data->conn)) {
/* TLS processing has failed - return error */
wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
"report error");
"report error (len=%u)",
(unsigned int) wpabuf_len(data->tls_out));
ret = -1;
/* TODO: clean pin if engine used? */
if (wpabuf_len(data->tls_out) == 0) {
wpabuf_free(data->tls_out);
data->tls_out = NULL;
return -1;
}
}
if (data->tls_out == NULL || wpabuf_len(data->tls_out) == 0) {
if (wpabuf_len(data->tls_out) == 0) {
/*
* TLS negotiation should now be complete since all other cases
* needing more data should have been caught above based on