From d9c753b4f5670ce8bcfca137c1c7b63a4cb1be46 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 24 Nov 2013 18:26:05 +0200 Subject: [PATCH] EAP server: Handle EAP method initialization failures more cleanly Allow another EAP method to be tried if one of the enabled methods fails. If all the remaining methods fail, reject connection by adding a new METHOD_REQUEST -> FAILURE transition. Previously, this case resulted in the state machine trying to send a message when none was available and then waiting for a following event until timeout. Signed-hostap: Jouni Malinen --- src/eap_server/eap_server.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c index 54b7533d6..233e2726e 100644 --- a/src/eap_server/eap_server.c +++ b/src/eap_server/eap_server.c @@ -343,6 +343,7 @@ SM_STATE(EAP, PROPOSE_METHOD) SM_ENTRY(EAP, PROPOSE_METHOD); +try_another_method: type = eap_sm_Policy_getNextMethod(sm, &vendor); if (vendor == EAP_VENDOR_IETF) sm->currentMethod = type; @@ -360,8 +361,14 @@ SM_STATE(EAP, PROPOSE_METHOD) "method %d", sm->currentMethod); sm->m = NULL; sm->currentMethod = EAP_TYPE_NONE; + goto try_another_method; } } + if (sm->m == NULL) { + wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method"); + sm->decision = DECISION_FAILURE; + return; + } if (sm->currentMethod == EAP_TYPE_IDENTITY || sm->currentMethod == EAP_TYPE_NOTIFICATION) sm->methodState = METHOD_CONTINUE; @@ -702,6 +709,15 @@ SM_STEP(EAP) SM_ENTER(EAP, METHOD_RESPONSE); break; case EAP_METHOD_REQUEST: + if (sm->m == NULL) { + /* + * This transition is not mentioned in RFC 4137, but it + * is needed to handle cleanly a case where EAP method + * initialization fails. + */ + SM_ENTER(EAP, FAILURE); + break; + } SM_ENTER(EAP, SEND_REQUEST); break; case EAP_METHOD_RESPONSE: