mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 08:48:31 -05:00
EAP-TTLS peer: Fix user input during implicit identity request
Special processing is needed to handle EAP user request for identity or password at the beginning of Phase 2 when the implicit identity request is used. data->pending_phase2_req needs to be set to an empty buffer in that case to avoid re-processing the previous part of TLS negotiation when the user enters the needed information. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
a6d94e1b56
commit
af72d17e72
@ -1220,6 +1220,21 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
|
||||
"processing failed");
|
||||
retval = -1;
|
||||
} else {
|
||||
struct eap_peer_config *config = eap_get_config(sm);
|
||||
if (resp == NULL &&
|
||||
(config->pending_req_identity ||
|
||||
config->pending_req_password ||
|
||||
config->pending_req_otp ||
|
||||
config->pending_req_new_password)) {
|
||||
/*
|
||||
* Use empty buffer to force implicit request
|
||||
* processing when EAP request is re-processed after
|
||||
* user input.
|
||||
*/
|
||||
wpabuf_free(data->pending_phase2_req);
|
||||
data->pending_phase2_req = wpabuf_alloc(0);
|
||||
}
|
||||
|
||||
retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
|
||||
out_data);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user