authorJouni Malinen <j@w1.fi>2008-12-04 18:51:42 +0200
committerJouni Malinen <j@w1.fi>2008-12-04 18:51:42 +0200
commitb8ab62498412836cfc55b9a72f06f3d3b48767f3 (patch)
tree3849c5b2a33ca18bb7db11c0e5064e8ff6659dd0 /src
parentbb9f45e0bbd41b644970fde94f70a5ec6ed3c5e0 (diff)
Fixed EAP-SIM and EAP-AKA AT_IDENTITY parsing (server only)
The attribute uses 'Actual Identity Length' field to indicate the exact (pre-padding) length of the Identity. This actual length should be used as the length, not the remaining attribute length. This was previously worked around by stripping null termination away from the end of the identity string at EAP-SIM and EAP-AKA server code. However, it is likely that that workaround is not really needed and the real problem was in AT_IDENTITY parsing. Anyway, the workaround is left in just in case it was really needed with some implementations.
Diffstat (limited to 'src')
-rw-r--r--src/eap_common/eap_sim_common.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index e33fe3e..58253f9 100644
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -554,8 +554,20 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
break;
case EAP_SIM_AT_IDENTITY:
wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY");
- attr->identity = apos + 2;
- attr->identity_len = alen - 2;
+ plen = WPA_GET_BE16(apos);
+ apos += 2;
+ alen -= 2;
+ if (plen > alen) {
+ wpa_printf(MSG_INFO, "EAP-SIM: Invalid "
+ "AT_IDENTITY (Actual Length %lu, "
+ "remaining length %lu)",
+ (unsigned long) plen,
+ (unsigned long) alen);
+ return -1;
+ }
+
+ attr->identity = apos;
+ attr->identity_len = plen;
break;
case EAP_SIM_AT_VERSION_LIST:
if (aka) {
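Review bot: The added AT_IDENTITY case reads two bytes with `WPA_GET_BE16(apos)` and then does `alen -= 2` with no visible check that `alen` is at least 2. The `(unsigned long)` casts suggest `alen` is an unsigned size type; if so, a value below 2 would wrap around and the `plen > alen` test would no longer reject an oversized Actual Identity Length taken from the received message. If the code earlier in eap_sim_parse_attr already guarantees that minimum, a comment such as `/* alen >= 2 here: attribute length is validated above */` would record it; otherwise add `if (alen < 2) return -1;` before the read. The function body starts and ends outside the hunk, so the invariant could not be confirmed from the visible lines.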