EAP-TTLS/PEAP/FAST peer: Stop immediately on local TLS processing failure

EAP-TLS was already doing this, but the other TLS-based EAP methods did not mark methodState DONE and decision FAIL on local TLS processing errors (instead, they left the connection waiting for a longer timeout). Signed-off-by: Jouni Malinen <j@w1.fi>
author: Jouni Malinen <j@w1.fi> 2015-07-28 13:30:41 (GMT)
committer: Jouni Malinen <j@w1.fi> 2015-07-28 18:00:18 (GMT)
commit: bb91243047d22952490ff1d6cd626dd0301c5371 (patch)
tree: 28b7c18da6ce4f330f6a1c3fd135274376b6e8ff /src/eap_peer/eap_fast.c
parent: 6ee66b4251866298a370101f272a01b7f62daa1b (diff)
download: hostap-bb91243047d22952490ff1d6cd626dd0301c5371.zip
hostap-bb91243047d22952490ff1d6cd626dd0301c5371.tar.gz
hostap-bb91243047d22952490ff1d6cd626dd0301c5371.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index f636e74..4cbe3ba 100644
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -1572,6 +1572,13 @@ static struct wpabuf * eap_fast_process(struct eap_sm *sm, void *priv,
 						  EAP_TYPE_FAST,
 						  data->fast_version, id, &msg,
 						  &resp);
+		if (res < 0) {
+			wpa_printf(MSG_DEBUG,
+				   "EAP-FAST: TLS processing failed");
+			ret->methodState = METHOD_DONE;
+			ret->decision = DECISION_FAIL;
+			return resp;
+		}
 
 		if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
 			char cipher[80];
author	Jouni Malinen <j@w1.fi>	2015-07-28 13:30:41 (GMT)
committer	Jouni Malinen <j@w1.fi>	2015-07-28 18:00:18 (GMT)
commit	bb91243047d22952490ff1d6cd626dd0301c5371 (patch)
tree	28b7c18da6ce4f330f6a1c3fd135274376b6e8ff /src/eap_peer/eap_fast.c
parent	6ee66b4251866298a370101f272a01b7f62daa1b (diff)
download	hostap-bb91243047d22952490ff1d6cd626dd0301c5371.zip hostap-bb91243047d22952490ff1d6cd626dd0301c5371.tar.gz hostap-bb91243047d22952490ff1d6cd626dd0301c5371.tar.bz2