authorJouni Malinen <j@w1.fi>2008-02-03 03:28:11 (GMT)
committerJouni Malinen <j@w1.fi>2008-02-03 03:28:11 (GMT)
commit52b450dd741929d9290dac81ac172a80eafd8632 (patch)
treeb148b557b15d9f7e643e9aa83d9f2d45a42b6bad
parentde6ccd7c1722f62240526c0bee528a568073afb3 (diff)
Fixed EAP-SIM/AKA realm processing to allow decorated usernames to be used
The identity length needs to be compared to IMSI length only after the possible realm has been removed to avoid rejecting decorated usernames (e.g., 1<IMSI>@wlan.mnc###.mcc###.3gppnetwork.org).
-rw-r--r--hostapd/ChangeLog2
-rw-r--r--src/eap_server/eap_sim_db.c42
2 files changed, 34 insertions, 10 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 2e0a5be..5ba4fb9 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -18,6 +18,8 @@ ChangeLog for hostapd
* fixed EAPOL state machine to handle a case in which no response is
received from the RADIUS authentication server; previous version
could have triggered a crash in some cases after a timeout
+ * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
+ be used
2008-01-01 - v0.6.2
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
diff --git a/src/eap_server/eap_sim_db.c b/src/eap_server/eap_sim_db.c
index bc6e020..29f1996 100644
--- a/src/eap_server/eap_sim_db.c
+++ b/src/eap_server/eap_sim_db.c
@@ -555,8 +555,7 @@ int eap_sim_db_get_gsm_triplets(void *priv, const u8 *identity,
size_t i;
char msg[40];
- if (identity_len < 2 || identity[0] != EAP_SIM_PERMANENT_PREFIX ||
- identity_len + 1 > sizeof(entry->imsi)) {
+ if (identity_len < 2 || identity[0] != EAP_SIM_PERMANENT_PREFIX) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
identity, identity_len);
return EAP_SIM_DB_FAILURE;
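Review bot: The rewritten guard in eap_sim_db_get_gsm_triplets still reads `identity[0]` without the `identity == NULL` test that the eap_sim_db_get_aka_auth guard and the new eap_sim_db_resynchronize guard both carry. Whether any caller can pass NULL is not visible here, but the three entry points should agree, and the pointer test reads best first: `if (identity == NULL || identity_len < 2 || identity[0] != EAP_SIM_PERMANENT_PREFIX) {`. The function body starts and continues outside this hunk.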
@@ -569,6 +568,11 @@ int eap_sim_db_get_gsm_triplets(void *priv, const u8 *identity,
break;
}
}
+ if (identity_len + 1 > sizeof(entry->imsi)) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
+ identity, identity_len);
+ return EAP_SIM_DB_FAILURE;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Get GSM triplets for IMSI",
identity, identity_len);
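Review bot: The relocated length test has only an upper bound, so an identity made of the prefix followed directly by `@realm` gets past it with `identity_len == 0`. This assumes the loop above truncates at `@` the way the one added in eap_sim_db_resynchronize does. The same gap is in the eap_sim_db_get_aka_auth hunk and in the `identity_len > 20` test in eap_sim_db_resynchronize. What an empty IMSI does further down is outside the hunk, but rejecting it here is cheap: `if (identity_len == 0 || identity_len + 1 > sizeof(entry->imsi)) {`. Both failure branches also log the same "unexpected identity" text, so a debug log cannot tell a bad prefix from an over-long IMSI.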
@@ -1119,8 +1123,7 @@ int eap_sim_db_get_aka_auth(void *priv, const u8 *identity,
char msg[40];
if (identity_len < 2 || identity == NULL ||
- identity[0] != EAP_AKA_PERMANENT_PREFIX ||
- identity_len + 1 > sizeof(entry->imsi)) {
+ identity[0] != EAP_AKA_PERMANENT_PREFIX) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
identity, identity_len);
return EAP_SIM_DB_FAILURE;
@@ -1133,6 +1136,11 @@ int eap_sim_db_get_aka_auth(void *priv, const u8 *identity,
break;
}
}
+ if (identity_len + 1 > sizeof(entry->imsi)) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
+ identity, identity_len);
+ return EAP_SIM_DB_FAILURE;
+ }
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI",
identity, identity_len);
@@ -1215,9 +1223,23 @@ int eap_sim_db_resynchronize(void *priv, const u8 *identity,
const u8 *_rand)
{
struct eap_sim_db_data *data = priv;
+ size_t i;
- if (identity_len < 2 || identity[0] != EAP_AKA_PERMANENT_PREFIX ||
- identity_len > 20) {
+ if (identity_len < 2 || identity == NULL ||
+ identity[0] != EAP_AKA_PERMANENT_PREFIX) {
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
+ identity, identity_len);
+ return -1;
+ }
+ identity++;
+ identity_len--;
+ for (i = 0; i < identity_len; i++) {
+ if (identity[i] == '@') {
+ identity_len = i;
+ break;
+ }
+ }
+ if (identity_len > 20) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity",
identity, identity_len);
return -1;
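Review bot: The new loop in eap_sim_db_resynchronize only looks for `@`, so every other peer-supplied byte before the realm is accepted as IMSI. The next hunk copies those bytes verbatim into the space-separated `"AKA-AUTS "` request, where a space or control byte would shift the fields seen by whatever parses that message on the receiving side. Assuming a permanent identity is always the prefix plus a decimal IMSI, the loop could reject anything else after its `@` test, e.g. `if (identity[i] < '0' || identity[i] > '9') return -1;`. The literal `20` would also be easier to audit as a named constant or tied to the buffer it protects, as the other two functions do with `sizeof(entry->imsi)`.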
@@ -1228,10 +1250,10 @@ int eap_sim_db_resynchronize(void *priv, const u8 *identity,
int len, ret;
len = os_snprintf(msg, sizeof(msg), "AKA-AUTS ");
- if (len < 0 || len + identity_len - 1 >= sizeof(msg))
+ if (len < 0 || len + identity_len >= sizeof(msg))
return -1;
- os_memcpy(msg + len, identity + 1, identity_len - 1);
- len += identity_len - 1;
+ os_memcpy(msg + len, identity, identity_len);
+ len += identity_len;
ret = os_snprintf(msg + len, sizeof(msg) - len, " ");
if (ret < 0 || (size_t) ret >= sizeof(msg) - len)
@@ -1246,7 +1268,7 @@ int eap_sim_db_resynchronize(void *priv, const u8 *identity,
len += wpa_snprintf_hex(msg + len, sizeof(msg) - len,
_rand, EAP_AKA_RAND_LEN);
wpa_hexdump(MSG_DEBUG, "EAP-SIM DB: reporting AKA AUTS for "
- "IMSI", identity + 1, identity_len - 1);
+ "IMSI", identity, identity_len);
if (eap_sim_db_send(data, msg, len) < 0)
return -1;
}