EAP-TTLS peer: Fix user input during implicit identity request
Special processing is needed to handle EAP user request for identity or password at the beginning of Phase 2 when the implicit identity request is used. data->pending_phase2_req needs to be set to an empty buffer in that case to avoid re-processing the previous part of TLS negotiation when the user enters the needed information. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
a6d94e1b56
commit
af72d17e72
1 changed files with 15 additions and 0 deletions
|
@ -1220,6 +1220,21 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
|
||||||
"processing failed");
|
"processing failed");
|
||||||
retval = -1;
|
retval = -1;
|
||||||
} else {
|
} else {
|
||||||
|
struct eap_peer_config *config = eap_get_config(sm);
|
||||||
|
if (resp == NULL &&
|
||||||
|
(config->pending_req_identity ||
|
||||||
|
config->pending_req_password ||
|
||||||
|
config->pending_req_otp ||
|
||||||
|
config->pending_req_new_password)) {
|
||||||
|
/*
|
||||||
|
* Use empty buffer to force implicit request
|
||||||
|
* processing when EAP request is re-processed after
|
||||||
|
* user input.
|
||||||
|
*/
|
||||||
|
wpabuf_free(data->pending_phase2_req);
|
||||||
|
data->pending_phase2_req = wpabuf_alloc(0);
|
||||||
|
}
|
||||||
|
|
||||||
retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
|
retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
|
||||||
out_data);
|
out_data);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue