aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-02-01 04:03:10 (GMT)
committerJouni Malinen <j@w1.fi>2008-02-01 04:03:10 (GMT)
commitde6ccd7c1722f62240526c0bee528a568073afb3 (patch)
tree7c51b1a1ccc85ed2b6ca6b187864c040564c2e17
parent0a8ff05a72ece70d8a855aad972a9409f665b8eb (diff)
downloadhostap-history-de6ccd7c1722f62240526c0bee528a568073afb3.zip
hostap-history-de6ccd7c1722f62240526c0bee528a568073afb3.tar.gz
hostap-history-de6ccd7c1722f62240526c0bee528a568073afb3.tar.bz2
Fixed a crash on no-RADIUS-server-reply timeout
Fixed EAPOL state machine to handle a case in which no response is received from the RADIUS authentication server; previous version could have triggered a crash in some cases after a timeout. The aaaEapResp variable may be set (or left) to TRUE even if aaaEapRespData is NULL. This triggered a segmentation fault in wpabuf_head() call when trying to send out the empty buffer.
-rw-r--r--hostapd/ChangeLog3
-rw-r--r--hostapd/eapol_sm.c5
2 files changed, 8 insertions, 0 deletions
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 6241c60..2e0a5be 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -15,6 +15,9 @@ ChangeLog for hostapd
* updated FT support to use the latest draft, IEEE 802.11r/D9.0
* copy optional Proxy-State attributes into RADIUS response when acting
as a RADIUS authentication server
+ * fixed EAPOL state machine to handle a case in which no response is
+ received from the RADIUS authentication server; previous version
+ could have triggered a crash in some cases after a timeout
2008-01-01 - v0.6.2
* fixed EAP-SIM and EAP-AKA message parser to validate attribute
diff --git a/hostapd/eapol_sm.c b/hostapd/eapol_sm.c
index 1b277d6..2e63bef 100644
--- a/hostapd/eapol_sm.c
+++ b/hostapd/eapol_sm.c
@@ -901,6 +901,11 @@ restart:
/* TODO: find a better location for this */
if (sm->eap_if->aaaEapResp) {
sm->eap_if->aaaEapResp = FALSE;
+ if (sm->eap_if->aaaEapRespData == NULL) {
+ wpa_printf(MSG_DEBUG, "EAPOL: aaaEapResp set, "
+ "but no aaaEapRespData available");
+ return;
+ }
sm->eapol->cb.aaa_send(
sm->hapd, sm->sta,
wpabuf_head(sm->eap_if->aaaEapRespData),