aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_peap.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/eap_peer/eap_peap.c')
-rw-r--r--src/eap_peer/eap_peap.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 027027d..1f77aa7 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -41,6 +41,8 @@ struct eap_peap_data {
const struct eap_method *phase2_method;
void *phase2_priv;
int phase2_success;
+ int phase2_eap_success;
+ int phase2_eap_started;
struct eap_method_type phase2_type;
struct eap_method_type *phase2_types;
@@ -204,7 +206,9 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
break;
case EAP_TYPE_TLV:
os_memset(&iret, 0, sizeof(iret));
- if (eap_tlv_process(sm, &iret, req, resp)) {
+ if (eap_tlv_process(sm, &iret, req, resp,
+ data->phase2_eap_started &&
+ !data->phase2_eap_success)) {
ret->methodState = METHOD_DONE;
ret->decision = DECISION_FAIL;
return -1;
@@ -264,6 +268,7 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
ret->decision = DECISION_FAIL;
return -1;
}
+ data->phase2_eap_started = 1;
os_memset(&iret, 0, sizeof(iret));
*resp = data->phase2_method->process(sm, data->phase2_priv,
&iret, req);
@@ -271,6 +276,7 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
iret.methodState == METHOD_MAY_CONT) &&
(iret.decision == DECISION_UNCOND_SUCC ||
iret.decision == DECISION_COND_SUCC)) {
+ data->phase2_eap_success = 1;
data->phase2_success = 1;
}
break;
@@ -458,6 +464,17 @@ continue_req:
/* EAP-Success within TLS tunnel is used to indicate
* shutdown of the TLS channel. The authentication has
* been completed. */
+ if (data->phase2_eap_started &&
+ !data->phase2_eap_success) {
+ wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 "
+ "Success used to indicate success, "
+ "but Phase 2 EAP was not yet "
+ "completed successfully");
+ ret->methodState = METHOD_DONE;
+ ret->decision = DECISION_FAIL;
+ wpabuf_free(in_decrypted);
+ return 0;
+ }
wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - "
"EAP-Success within TLS tunnel - "
"authentication completed");
@@ -712,6 +729,8 @@ static void * eap_peap_init_for_reauth(struct eap_sm *sm, void *priv)
data->phase2_method->init_for_reauth)
data->phase2_method->init_for_reauth(sm, data->phase2_priv);
data->phase2_success = 0;
+ data->phase2_eap_success = 0;
+ data->phase2_eap_started = 0;
data->resuming = 1;
sm->peap_done = FALSE;
return priv;