From cb730085943b988c324820c688cf4d1d72cb5b4c Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 20 Dec 2015 17:32:10 +0200
Subject: [PATCH] EAP-TTLS/PEAP/FAST: Reject unsupported Phase 2 method in
 configuration

Instead of using default list of methods, reject a configuration with an
unsupported EAP method at the time the main TLS method is being
initialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/eap_peer/eap_tls_common.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 67a09560d..c270832b7 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -1039,6 +1039,9 @@ int eap_peer_select_phase2_methods(struct eap_peer_config *config,
 		if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_NONE) {
 			wpa_printf(MSG_ERROR, "TLS: Unsupported Phase2 EAP "
 				   "method '%s'", start);
+			os_free(methods);
+			os_free(buf);
+			return -1;
 		} else {
 			num_methods++;
 			_methods = os_realloc_array(methods, num_methods,