Fixed EAP-SIM and EAP-AKA AT_IDENTITY parsing (server only)
The attribute uses 'Actual Identity Length' field to indicate the exact (pre-padding) length of the Identity. This actual length should be used as the length, not the remaining attribute length. This was previously worked around by stripping null termination away from the end of the identity string at EAP-SIM and EAP-AKA server code. However, it is likely that that workaround is not really needed and the real problem was in AT_IDENTITY parsing. Anyway, the workaround is left in just in case it was really needed with some implementations.
parent
bb9f45e0bb
commit
b8ab624984
1 changed files with 14 additions and 2 deletions
|
@ -554,8 +554,20 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
|
||||||
break;
|
break;
|
||||||
case EAP_SIM_AT_IDENTITY:
|
case EAP_SIM_AT_IDENTITY:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY");
|
wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY");
|
||||||
attr->identity = apos + 2;
|
plen = WPA_GET_BE16(apos);
|
||||||
attr->identity_len = alen - 2;
|
apos += 2;
|
||||||
|
alen -= 2;
|
||||||
|
if (plen > alen) {
|
||||||
|
wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
|
||||||
|
"AT_IDENTITY (Actual Length %lu, "
|
||||||
|
"remaining length %lu)",
|
||||||
|
(unsigned long) plen,
|
||||||
|
(unsigned long) alen);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
attr->identity = apos;
|
||||||
|
attr->identity_len = plen;
|
||||||
break;
|
break;
|
||||||
case EAP_SIM_AT_VERSION_LIST:
|
case EAP_SIM_AT_VERSION_LIST:
|
||||||
if (aka) {
|
if (aka) {
|
||||||
|
|
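Review bot: In the new EAP_SIM_AT_IDENTITY case, `plen = WPA_GET_BE16(apos);` and `alen -= 2;` run before anything visible in the hunk establishes that the attribute carries at least two payload bytes. If alen is an unsigned type (the `%lu` casts suggest so) and the enclosing loop does not already guarantee alen >= 2, the subtraction wraps and the `plen > alen` check no longer rejects an oversized Actual Identity Length, so attr->identity_len could extend past the received buffer. I would either add `if (alen < 2) return -1;` ahead of the read, or add a one-line comment naming where that minimum is enforced. eap_sim_parse_attr starts and ends outside the hunk, so the invariant may already hold earlier in the function and should be confirmed there.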