hostapd/src/eap_peer
Pali Rohár f24e48861d EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params
This patch fixes an issue with an invalid phase2 parameter value
auth=MSCHAPv2 getting interpreted as auth=MSCHAP (v1) which could
degrade security (though, only within a protected TLS tunnel). Now when
invalid or unsupported auth= phase2 parameter combinations are
specified, EAP-TTLS initialization throws an error instead of silently
doing something.

More then one auth= phase2 type cannot be specified and also both auth= and
autheap= options cannot be specified.

Parsing phase2 type is case sensitive (as in other EAP parts), so phase2
parameter auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
[Use cstr_token() to get rid of unnecessary allocation; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 00:24:30 +02:00
..
eap.c EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap.h Declare all read only data structures as const 2015-04-25 17:33:06 +03:00
eap_aka.c EAP-SIM/AKA: Explicitly check for header to include Reserved field 2015-05-03 16:33:03 +03:00
eap_config.h EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap_eke.c EAP-EKE peer: Fix memory leak on error path 2015-12-01 00:20:25 +02:00
eap_fast.c EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap_fast_pac.c EAP-FAST peer: Fix PAC parser error messages 2015-12-12 12:00:28 +02:00
eap_fast_pac.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_gpsk.c EAP-GPSK: Pass EAP identifier instead of full request 2015-05-03 16:32:28 +03:00
eap_gtc.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_i.h EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap_ikev2.c EAP-IKEv2 peer: Fix fragmentation reassembly 2014-12-21 00:48:24 +02:00
eap_leap.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_md5.c EAP-MD5: Verify that CHAP operation succeeds 2012-08-16 18:49:02 +03:00
eap_methods.c Check os_snprintf() result more consistently - automatic 1 2014-12-08 11:42:07 +02:00
eap_methods.h HS 2.0R2: Add WFA server-only EAP-TLS peer method 2014-02-26 01:24:23 +02:00
eap_mschapv2.c Add build option to remove all internal RC4 uses 2015-08-02 16:52:56 +03:00
eap_otp.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
eap_pax.c EAP-PAX: Fix PAX_STD-1 and PAX_STD-3 payload length validation 2015-05-03 16:32:36 +03:00
eap_peap.c EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap_proxy.h eap_proxy: Add context data pointer to the get_imsi call 2013-10-23 20:51:46 +03:00
eap_proxy_dummy.c eap_proxy: Add context data pointer to the get_imsi call 2013-10-23 20:51:46 +03:00
eap_psk.c EAP peer: Clear keying material on deinit 2014-07-02 12:38:48 +03:00
eap_pwd.c EAP-pwd peer: Fix error path for unexpected Confirm message 2015-11-10 18:40:54 +02:00
eap_sake.c EAP-SAKE: Pass EAP identifier instead of full request 2015-05-03 16:32:46 +03:00
eap_sim.c EAP-SIM peer: Fix memory leak on reauth error path 2015-11-28 20:46:36 +02:00
eap_tls.c EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap_tls_common.c EAP peer: External server certificate chain validation 2015-12-12 18:24:27 +02:00
eap_tls_common.h EAP-TLS/PEAP/TTLS/FAST: Move more towards using struct wpabuf 2015-05-03 16:32:23 +03:00
eap_tnc.c EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873) 2014-06-13 16:03:45 +03:00
eap_ttls.c EAP-TTLS peer: Fix parsing auth= and autheap= phase2 params 2015-12-18 00:24:30 +02:00
eap_vendor_test.c tests: Pending EAP peer processing with VENDOR-TEST 2015-01-28 13:09:31 +02:00
eap_wsc.c EAP-WSC peer: Reject connection on unexpected failure 2015-08-30 18:37:44 +03:00
ikev2.c EAP-IKEv2 peer: Avoid undefined behavior in pointer arithmetic 2015-10-24 21:43:54 +03:00
ikev2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
Makefile tests: Add eapol-fuzzer 2015-04-22 11:44:19 +03:00
mschapv2.c EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons 2014-07-02 12:38:48 +03:00
mschapv2.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
tncc.c TNC: Fix minor memory leak (CID 62848) 2014-06-12 19:44:58 +03:00
tncc.h Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00