From 17b703289113ee08154c4ced209ed86bf169ce01 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 31 Oct 2015 19:39:23 +0200
Subject: [PATCH] EAP peer: Clear ignore flag in INITIALIZE state

While this is not part of RFC 4137, the way m.check(eapReqData) is implemented in wpa_supplicant allows an EAP method to not update the ignore value even though each such call is really supposed to get a new response. It seems to be possible to hit a sequence where a previous EAP authentication attempt terminates with sm->ignore set from the last m.check() call and the following EAP authentication attempt could fail to go through the expected code path if it does not clear the ignore flag. This is likely only hit in some error cases, though.

The hwsim test cases could trigger this with the following sequence:
eap_proto_ikev2 ap_wps_m1_oom

Signed-off-by: Jouni Malinen
---
 src/eap_peer/eap.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 56c24b550..28d5116fd 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -188,6 +188,14 @@ SM_STATE(EAP, INITIALIZE)
  */
 eapol_set_bool(sm, EAPOL_eapResp, FALSE);
 eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
+ /*
+ * RFC 4137 does not reset ignore here, but since it is possible for
+ * some method code paths to end up not setting ignore=FALSE, clear the
+ * value here to avoid issues if a previous authentication attempt
+ * failed with ignore=TRUE being left behind in the last
+ * m.check(eapReqData) operation.
+ */
+ sm->ignore = 0;
 sm->num_rounds = 0;
 sm->prev_failure = 0;
 sm->expected_failure = 0;
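Review bot: The new reset is written as `sm->ignore = 0;` while the added comment and the two eapol_set_bool() calls just above it speak in FALSE/TRUE terms; if ignore is a Boolean field, as the comment's "ignore=FALSE" suggests, `sm->ignore = FALSE;` would keep the assignment consistent with the surrounding style and with the wording of the comment. The comment also describes the symptom but not the reproducer; appending one line such as `* Seen with the hwsim sequence eap_proto_ikev2 followed by ap_wps_m1_oom.` (taken from the commit message) would let a future reader tie this defensive reset to a concrete regression test when deciding whether it is still needed. Resetting in INITIALIZE only covers the boundary between authentication attempts; the underlying method check() paths that leave ignore untouched remain as described in the commit message, so it may be worth saying in the comment that this is a safety net rather than the fix for those paths. The enclosing SM_STATE(EAP, INITIALIZE) body starts before this hunk and, given the remaining member resets, likely continues after it.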