EAP-pwd peer: Fix asymmetric fragmentation behavior
The L (Length) and M (More) flags needs to be cleared before deciding whether the locally generated response requires fragmentation. This fixes an issue where these flags from the server could have been invalid for the following message. In some cases, this could have resulted in triggering the wpabuf security check that would terminate the process due to invalid buffer allocation. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
3035cc2894
commit
28a069a545
1 changed files with 1 additions and 0 deletions
|
@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
|
||||||
/*
|
/*
|
||||||
* we have output! Do we need to fragment it?
|
* we have output! Do we need to fragment it?
|
||||||
*/
|
*/
|
||||||
|
lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
|
||||||
len = wpabuf_len(data->outbuf);
|
len = wpabuf_len(data->outbuf);
|
||||||
if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
|
if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
|
||||||
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
|
resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
|
||||||
|
|
Loading…
Reference in a new issue