aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2013-11-24 16:26:05 (GMT)
committerJouni Malinen <j@w1.fi>2013-11-24 16:26:05 (GMT)
commitd9c753b4f5670ce8bcfca137c1c7b63a4cb1be46 (patch)
tree8cf42f6da9bef1331d2fc7c2cfbdb5e5b394d93f /src/eap_server
parent59d343858d881d80d604e5f251b46cfc4b3b8759 (diff)
downloadhostap-d9c753b4f5670ce8bcfca137c1c7b63a4cb1be46.zip
hostap-d9c753b4f5670ce8bcfca137c1c7b63a4cb1be46.tar.gz
hostap-d9c753b4f5670ce8bcfca137c1c7b63a4cb1be46.tar.bz2
EAP server: Handle EAP method initialization failures more cleanly
Allow another EAP method to be tried if one of the enabled methods fails. If all the remaining methods fail, reject connection by adding a new METHOD_REQUEST -> FAILURE transition. Previously, this case resulted in the state machine trying to send a message when none was available and then waiting for a following event until timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/eap_server.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
index 54b7533..233e272 100644
--- a/src/eap_server/eap_server.c
+++ b/src/eap_server/eap_server.c
@@ -343,6 +343,7 @@ SM_STATE(EAP, PROPOSE_METHOD)
SM_ENTRY(EAP, PROPOSE_METHOD);
+try_another_method:
type = eap_sm_Policy_getNextMethod(sm, &vendor);
if (vendor == EAP_VENDOR_IETF)
sm->currentMethod = type;
@@ -360,8 +361,14 @@ SM_STATE(EAP, PROPOSE_METHOD)
"method %d", sm->currentMethod);
sm->m = NULL;
sm->currentMethod = EAP_TYPE_NONE;
+ goto try_another_method;
}
}
+ if (sm->m == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP: Could not find suitable EAP method");
+ sm->decision = DECISION_FAILURE;
+ return;
+ }
if (sm->currentMethod == EAP_TYPE_IDENTITY ||
sm->currentMethod == EAP_TYPE_NOTIFICATION)
sm->methodState = METHOD_CONTINUE;
@@ -702,6 +709,15 @@ SM_STEP(EAP)
SM_ENTER(EAP, METHOD_RESPONSE);
break;
case EAP_METHOD_REQUEST:
+ if (sm->m == NULL) {
+ /*
+ * This transition is not mentioned in RFC 4137, but it
+ * is needed to handle cleanly a case where EAP method
+ * initialization fails.
+ */
+ SM_ENTER(EAP, FAILURE);
+ break;
+ }
SM_ENTER(EAP, SEND_REQUEST);
break;
case EAP_METHOD_RESPONSE: