EAP peer: Clear ignore flag in INITIALIZE state
While this is not part of RFC 4137, the way m.check(eapReqData) is implemented in wpa_supplicant allows an EAP method to not update the ignore value even though each such call is really supposed to get a new response. It seems to be possible to hit a sequence where a previous EAP authentication attempt terminates with sm->ignore set from the last m.check() call and the following EAP authentication attempt could fail to go through the expected code path if it does not clear the ignore flag. This is likely only hit in some error cases, though. The hwsim test cases could trigger this with the following sequence: eap_proto_ikev2 ap_wps_m1_oom

Signed-off-by: Jouni Malinen <j@w1.fi>
parent
1f1e619282
commit
17b7032891
1 changed files with 8 additions and 0 deletions
|
@ -188,6 +188,14 @@ SM_STATE(EAP, INITIALIZE)
|
|||
*/
|
||||
eapol_set_bool(sm, EAPOL_eapResp, FALSE);
|
||||
eapol_set_bool(sm, EAPOL_eapNoResp, FALSE);
|
||||
/*
|
||||
* RFC 4137 does not reset ignore here, but since it is possible for
|
||||
* some method code paths to end up not setting ignore=FALSE, clear the
|
||||
* value here to avoid issues if a previous authentication attempt
|
||||
* failed with ignore=TRUE being left behind in the last
|
||||
* m.check(eapReqData) operation.
|
||||
*/
|
||||
sm->ignore = 0;
|
||||
sm->num_rounds = 0;
|
||||
sm->prev_failure = 0;
|
||||
sm->expected_failure = 0;
|
||||
|
|
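Review bot: the `sm->ignore = 0;` reset in SM_STATE(EAP, INITIALIZE) only covers a stale value carried over from a previous authentication attempt. The new comment says some method code paths never set ignore=FALSE, so a TRUE left by one m.check(eapReqData) call can still be seen after a later call within the same attempt. Consider also clearing `sm->ignore` immediately before each m.check() invocation, so every call starts from a known value as the commit message says it should. As a style point, the comment and the adjacent `eapol_set_bool(..., FALSE)` lines use TRUE/FALSE, so `sm->ignore = FALSE;` would read more consistently than assigning 0.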