EAP-MD5: Verify that CHAP operation succeeds
The MD5 operation may be disabled in the security policy so chap_md5() call can fail. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ce7daaae53
commit
305dbc9870
2 changed files with 15 additions and 5 deletions
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* EAP peer method: EAP-MD5 (RFC 3748 and RFC 1994)
|
* EAP peer method: EAP-MD5 (RFC 3748 and RFC 1994)
|
||||||
* Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -86,7 +86,13 @@ static struct wpabuf * eap_md5_process(struct eap_sm *sm, void *priv,
|
||||||
|
|
||||||
id = eap_get_id(resp);
|
id = eap_get_id(resp);
|
||||||
rpos = wpabuf_put(resp, CHAP_MD5_LEN);
|
rpos = wpabuf_put(resp, CHAP_MD5_LEN);
|
||||||
chap_md5(id, password, password_len, challenge, challenge_len, rpos);
|
if (chap_md5(id, password, password_len, challenge, challenge_len,
|
||||||
|
rpos)) {
|
||||||
|
wpa_printf(MSG_INFO, "EAP-MD5: CHAP MD5 operation failed");
|
||||||
|
ret->ignore = TRUE;
|
||||||
|
wpabuf_free(resp);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", rpos, CHAP_MD5_LEN);
|
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", rpos, CHAP_MD5_LEN);
|
||||||
|
|
||||||
return resp;
|
return resp;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* hostapd / EAP-MD5 server
|
* hostapd / EAP-MD5 server
|
||||||
* Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
|
* Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
|
||||||
*
|
*
|
||||||
* This software may be distributed under the terms of the BSD license.
|
* This software may be distributed under the terms of the BSD license.
|
||||||
* See README for more details.
|
* See README for more details.
|
||||||
|
@ -119,8 +119,12 @@ static void eap_md5_process(struct eap_sm *sm, void *priv,
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", pos, CHAP_MD5_LEN);
|
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", pos, CHAP_MD5_LEN);
|
||||||
|
|
||||||
id = eap_get_id(respData);
|
id = eap_get_id(respData);
|
||||||
chap_md5(id, sm->user->password, sm->user->password_len,
|
if (chap_md5(id, sm->user->password, sm->user->password_len,
|
||||||
data->challenge, CHALLENGE_LEN, hash);
|
data->challenge, CHALLENGE_LEN, hash)) {
|
||||||
|
wpa_printf(MSG_INFO, "EAP-MD5: CHAP MD5 operation failed");
|
||||||
|
data->state = FAILURE;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (os_memcmp(hash, pos, CHAP_MD5_LEN) == 0) {
|
if (os_memcmp(hash, pos, CHAP_MD5_LEN) == 0) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success");
|
wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success");
|
||||||
|
|
Loading…
Reference in a new issue