aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap_server_aka.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2012-09-01 16:23:14 (GMT)
committerJouni Malinen <j@w1.fi>2012-09-01 16:23:14 (GMT)
commit02a0ce13bc5961e1d451e11699bee72e78a3d2e1 (patch)
treea052007c5f1d72f07be34c761deadd851caa9a9f /src/eap_server/eap_server_aka.c
parentb4569a3bd859c77df9f0fa3fbfb98ff65a2ab721 (diff)
downloadhostap-02a0ce13bc5961e1d451e11699bee72e78a3d2e1.zip
hostap-02a0ce13bc5961e1d451e11699bee72e78a3d2e1.tar.gz
hostap-02a0ce13bc5961e1d451e11699bee72e78a3d2e1.tar.bz2
EAP-AKA server: Require AKA/Identity response to include identity
Since we always request an identity in the request, the response has to include AT_IDENTITY. This allows the AKA/Identity response processing to be simplified a bit. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server/eap_server_aka.c')
-rw-r--r--src/eap_server/eap_server_aka.c31
1 files changed, 23 insertions, 8 deletions
diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c
index e8d355d..e98eaa4 100644
--- a/src/eap_server/eap_server_aka.c
+++ b/src/eap_server/eap_server_aka.c
@@ -773,6 +773,8 @@ static void eap_aka_process_identity(struct eap_sm *sm,
struct wpabuf *respData,
struct eap_sim_attrs *attr)
{
+ u8 *new_identity;
+
wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity");
if (attr->mac || attr->iv || attr->encr_data) {
@@ -783,15 +785,28 @@ static void eap_aka_process_identity(struct eap_sm *sm,
return;
}
- if (attr->identity) {
- os_free(sm->identity);
- sm->identity = os_malloc(attr->identity_len);
- if (sm->identity) {
- os_memcpy(sm->identity, attr->identity,
- attr->identity_len);
- sm->identity_len = attr->identity_len;
- }
+ /*
+ * We always request identity with AKA/Identity, so the peer is
+ * required to have replied with one.
+ */
+ if (!attr->identity || attr->identity_len == 0) {
+ wpa_printf(MSG_DEBUG, "EAP-AKA: Peer did not provide any "
+ "identity");
+ data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
+ eap_aka_state(data, NOTIFICATION);
+ return;
+ }
+
+ new_identity = os_malloc(attr->identity_len);
+ if (new_identity == NULL) {
+ data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
+ eap_aka_state(data, NOTIFICATION);
+ return;
}
+ os_free(sm->identity);
+ sm->identity = new_identity;
+ os_memcpy(sm->identity, attr->identity, attr->identity_len);
+ sm->identity_len = attr->identity_len;
eap_aka_determine_identity(sm, data, 0, 0);
if (eap_get_id(respData) == data->pending_id) {