Fixed internal TLSv1 server implementation for abbreviated handshake

When the TLS handshake had been completed earlier by the server in case of
abbreviated handshake, the output buffer length was left uninitialized. It
must be initialized to zero in this case. This code is used by EAP-FAST
server and the uninitialized length could have caused it to try to send a
very large frame (though, this would be terminated by the 50 roundtrip EAP
limit). This broke EAP-FAST server code in some cases when PAC was used to
establish the tunnel.
Jouni Malinen 2008-08-24 13:08:15 +03:00
parent 1f21bc4cc3
commit 4d4233eaf4
2 changed files with 5 additions and 1 deletions

@ -5,6 +5,8 @@ ChangeLog for hostapd
internal X.509/TLSv1 implementation internal X.509/TLSv1 implementation
* fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
identity lengths) identity lengths)
* fixed internal TLSv1 implementation for abbreviated handshake (used
by EAP-FAST server)
2008-08-10 - v0.6.4 2008-08-10 - v0.6.4
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2 * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
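Review bot: The added ChangeLog entry ("fixed internal TLSv1 implementation for abbreviated handshake") does not say what was wrong or how it showed up. The commit message ties it to an uninitialized output buffer length that broke the EAP-FAST server in some cases when a PAC was used to establish the tunnel; naming that symptom in the entry would let operators judge whether they are affected.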

@ -366,8 +366,10 @@ u8 * tls_connection_server_handshake(void *tls_ctx,
wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)", wpa_printf(MSG_DEBUG, "TLS: %s(in_data=%p in_len=%lu)",
__func__, in_data, (unsigned long) in_len); __func__, in_data, (unsigned long) in_len);
out = tlsv1_server_handshake(conn->server, in_data, in_len, out_len); out = tlsv1_server_handshake(conn->server, in_data, in_len, out_len);
if (out == NULL && tlsv1_server_established(conn->server)) if (out == NULL && tlsv1_server_established(conn->server)) {
out = os_malloc(1); out = os_malloc(1);
*out_len = 0;
}
return out; return out;
#else /* CONFIG_TLS_INTERNAL_SERVER */ #else /* CONFIG_TLS_INTERNAL_SERVER */
return NULL; return NULL;
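Review bot: `*out_len = 0` is assigned only inside the `out == NULL && tlsv1_server_established(conn->server)` branch, so the other NULL return (handshake not established) still depends on `tlsv1_server_handshake()` having set the length; zeroing `*out_len` before that call would give every return path a defined value. In the same branch the result of `os_malloc(1)` is not checked, so an allocation failure is returned as NULL and the caller cannot tell it apart from a failed handshake even though the connection is established. A short comment explaining that the 1-byte buffer is only a non-NULL placeholder for "success, nothing to send" would also help the next reader.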