path: root/src/eap_server/eap_tls_common.c
Commit message | Author | Age | Files | Lines
* EAP-TLS server: Fix TLS Message Length validation [HEAD, master] | Jouni Malinen | 2012-10-07 | 1 | -0/+8

  EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS Message Length value properly and could end up trying to store more information into the message buffer than the allocated size if the first fragment is longer than the indicated size. This could result in hostapd process terminating in wpabuf length validation. Fix this by rejecting messages that have invalid TLS Message Length value.

  This would affect cases that use the internal EAP authentication server in hostapd either directly with IEEE 802.1X or when using hostapd as a RADIUS authentication server and when receiving an incorrectly constructed EAP-TLS message. Cases where hostapd uses an external authentication are not affected.

  Thanks to Timo Warns for finding and reporting this issue.

  Signed-hostap: Jouni Malinen <j@w1.fi>
  intended-for: hostap-1
  (cherry picked from commit 586c446e0ff42ae00315b014924ec669023bd8de)
  (cherry picked from commit f3043318970a98c98e968ed17b3e2f49dc42c646)

  Conflicts: src/eap_server/eap_tls_common.c
* Increase EAP server extra room for encryption overhead (for GnuTLS) | Jouni Malinen | 2010-01-09 | 1 | -1/+1

  This fixes issues with some GnuTLS versions that seem to be adding quite a bit of extra data into TLS messages. The EAP server code is now using the same 300 byte extra room that was already used in the EAP peer implementation.

  (cherry picked from commit f721aed4b1baef8ad9336c80f8835f3f3d504d68)
* Fixed potential NULL pointer dereference if memory allocation fails | Jouni Malinen | 2008-06-05 | 1 | -0/+6
* Share EAP-TLS/PEAP/TTLS/FAST core process() functionality | Jouni Malinen | 2008-05-28 | 1 | -3/+50

  Move the basic processing of received frames into eap_tls_common.c and use callback functions to handle EAP type specific processing of the version field and payload.
* Do not refer to Flags::Version field as 'PEAP version' | Jouni Malinen | 2008-05-28 | 1 | -4/+4

  This field is also used for EAP-TTLS and EAP-FAST, so it is clearer to use a more generic term for it.
* Redesigned EAP-TLS/PEAP/TTLS/FAST fragmentation/reassembly | Jouni Malinen | 2008-05-28 | 1 | -148/+212

  Fragmentation is now done as a separate step to clean up the design and to allow the same code to be used in both Phase 1 and Phase 2. This adds support for fragmenting EAP-PEAP/TTLS/FAST Phase 2 (tunneled) data.
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release | Jouni Malinen | 2008-02-28 | 1 | -0/+293