From 02a0ce13bc5961e1d451e11699bee72e78a3d2e1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 1 Sep 2012 19:23:14 +0300
Subject: [PATCH] EAP-AKA server: Require AKA/Identity response to include identity

Since we always request an identity in the request, the response has to include AT_IDENTITY. This allows the AKA/Identity response processing to be simplified a bit.

Signed-hostap: Jouni Malinen
---
 src/eap_server/eap_server_aka.c | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index e8d355de0..e98eaa425 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -773,6 +773,8 @@ static void eap_aka_process_identity(struct eap_sm *sm,
 struct wpabuf *respData,
 struct eap_sim_attrs *attr)
 {
+ u8 *new_identity;
+
 wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
 
 if (attr->mac || attr->iv || attr->encr_data) {
@@ -783,16 +785,29 @@ static void eap_aka_process_identity(struct eap_sm *sm,
 return;
 }
 
- if (attr->identity) {
- os_free(sm->identity);
- sm->identity = os_malloc(attr->identity_len);
- if (sm->identity) {
- os_memcpy(sm->identity, attr->identity,
- attr->identity_len);
- sm->identity_len = attr->identity_len;
- }
+ /*
+ * We always request identity with AKA/Identity, so the peer is
+ * required to have replied with one.
+ */
+ if (!attr->identity || attr->identity_len == 0) {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
+ "identity");
+ data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
+ eap_aka_state(data, NOTIFICATION);
+ return;
 }
 
+ new_identity = os_malloc(attr->identity_len);
+ if (new_identity == NULL) {
+ data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
+ eap_aka_state(data, NOTIFICATION);
+ return;
+ }
+ os_free(sm->identity);
+ sm->identity = new_identity;
+ os_memcpy(sm->identity, attr->identity, attr->identity_len);
+ sm->identity_len = attr->identity_len;
+
 eap_aka_determine_identity(sm, data, 0, 0);
 if (eap_get_id(respData) == data->pending_id) {
 data->pending_id = -1;
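Review bot: The new allocation-failure branch (`if (new_identity == NULL)`) sends EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH without logging anything, while the missing-identity branch just above it does log, so an out-of-memory rejection cannot be told apart from other pre-authentication failures in the debug output; add `wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to allocate memory for identity");` as the first statement of that branch. The allocation size is `attr->identity_len`, which is taken from the peer's AT_IDENTITY attribute before authentication; no upper bound is visible in this hunk, so it is presumably enforced by the attribute parser and is worth confirming there. The three-line failure sequence (`data->notification = ...; eap_aka_state(data, NOTIFICATION); return;`) now appears twice in the added lines and could share a single exit. eap_aka_process_identity begins before and continues past this hunk.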