EAP-MD5: Verify that CHAP operation succeeds

The MD5 operation may be disabled in the security policy, so the chap_md5()
call can fail.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2012-08-16 18:49:02 +03:00
parent ce7daaae53
commit 305dbc9870
2 changed files with 15 additions and 5 deletions


@ -1,6 +1,6 @@
/* /*
* EAP peer method: EAP-MD5 (RFC 3748 and RFC 1994) * EAP peer method: EAP-MD5 (RFC 3748 and RFC 1994)
* Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi> * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -86,7 +86,13 @@ static struct wpabuf * eap_md5_process(struct eap_sm *sm, void *priv,
id = eap_get_id(resp); id = eap_get_id(resp);
rpos = wpabuf_put(resp, CHAP_MD5_LEN); rpos = wpabuf_put(resp, CHAP_MD5_LEN);
chap_md5(id, password, password_len, challenge, challenge_len, rpos); if (chap_md5(id, password, password_len, challenge, challenge_len,
rpos)) {
wpa_printf(MSG_INFO, "EAP-MD5: CHAP MD5 operation failed");
ret->ignore = TRUE;
wpabuf_free(resp);
return NULL;
}
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", rpos, CHAP_MD5_LEN); wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", rpos, CHAP_MD5_LEN);
return resp; return resp;
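Review bot: The new failure branch after `chap_md5()` carries no comment saying why an MD5 call can fail or why the request is dropped instead of answered. A line above the `if` such as `/* MD5 may be disabled by security policy; drop the request rather than send a response value that was never computed */` would record that. With `ret->ignore = TRUE` and a NULL return the peer sends nothing back, so the MSG_INFO log line is presumably the only trace an operator gets when authentication stalls for this reason. eap_md5_process() starts and ends outside the hunk, so whatever `ret` fields were set earlier in the function are not visible here.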


@ -1,6 +1,6 @@
/* /*
* hostapd / EAP-MD5 server * hostapd / EAP-MD5 server
* Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -119,8 +119,12 @@ static void eap_md5_process(struct eap_sm *sm, void *priv,
wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", pos, CHAP_MD5_LEN); wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", pos, CHAP_MD5_LEN);
id = eap_get_id(respData); id = eap_get_id(respData);
chap_md5(id, sm->user->password, sm->user->password_len, if (chap_md5(id, sm->user->password, sm->user->password_len,
data->challenge, CHALLENGE_LEN, hash); data->challenge, CHALLENGE_LEN, hash)) {
wpa_printf(MSG_INFO, "EAP-MD5: CHAP MD5 operation failed");
data->state = FAILURE;
return;
}
if (os_memcmp(hash, pos, CHAP_MD5_LEN) == 0) { if (os_memcmp(hash, pos, CHAP_MD5_LEN) == 0) {
wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success"); wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success");
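Review bot: The response check right after the new failure branch, `os_memcmp(hash, pos, CHAP_MD5_LEN) == 0`, compares an authentication value with a routine that may stop at the first differing byte. The added branch itself fails closed (`data->state = FAILURE; return;`), but the computed hash should preferably be compared with the peer-supplied bytes in constant time, e.g. `os_memcmp_const(hash, pos, CHAP_MD5_LEN) == 0` if this tree provides such a helper. The practical exposure is probably small, since `data->challenge` appears to be generated per exchange; that is inferred from the names, not shown in the hunk. eap_md5_process() begins before and continues after this hunk.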