EAP-TTLS peer: Fix user input during implicit identity request

Special processing is needed to handle EAP user request for
identity or password at the beginning of Phase 2 when the implicit
identity request is used. data->pending_phase2_req needs to be set
to an empty buffer in that case to avoid re-processing the previous
part of TLS negotiation when the user enters the needed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2011-10-30 12:02:20 +02:00
parent a6d94e1b56
commit af72d17e72

View file

@ -1220,6 +1220,21 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
"processing failed"); "processing failed");
retval = -1; retval = -1;
} else { } else {
struct eap_peer_config *config = eap_get_config(sm);
if (resp == NULL &&
(config->pending_req_identity ||
config->pending_req_password ||
config->pending_req_otp ||
config->pending_req_new_password)) {
/*
* Use empty buffer to force implicit request
* processing when EAP request is re-processed after
* user input.
*/
wpabuf_free(data->pending_phase2_req);
data->pending_phase2_req = wpabuf_alloc(0);
}
retval = eap_ttls_encrypt_response(sm, data, resp, identifier, retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
out_data); out_data);
} }