summaryrefslogtreecommitdiffstats
path: root/contrib/hostapd/eap.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/hostapd/eap.c')
-rw-r--r--contrib/hostapd/eap.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/contrib/hostapd/eap.c b/contrib/hostapd/eap.c
index 1897856..b321ea6 100644
--- a/contrib/hostapd/eap.c
+++ b/contrib/hostapd/eap.c
@@ -26,6 +26,7 @@
#include "sta_info.h"
#include "eap_i.h"
+#define EAP_MAX_AUTH_ROUNDS 50
extern const struct eap_method eap_method_identity;
#ifdef EAP_MD5
@@ -52,6 +53,12 @@ extern const struct eap_method eap_method_ttls;
#ifdef EAP_SIM
extern const struct eap_method eap_method_sim;
#endif /* EAP_SIM */
+#ifdef EAP_PAX
+extern const struct eap_method eap_method_pax;
+#endif /* EAP_PAX */
+#ifdef EAP_PSK
+extern const struct eap_method eap_method_psk;
+#endif /* EAP_PSK */
static const struct eap_method *eap_methods[] =
{
@@ -80,6 +87,12 @@ static const struct eap_method *eap_methods[] =
#ifdef EAP_SIM
&eap_method_sim,
#endif /* EAP_SIM */
+#ifdef EAP_PAX
+ &eap_method_pax,
+#endif /* EAP_PAX */
+#ifdef EAP_PSK
+ &eap_method_psk,
+#endif /* EAP_PSK */
};
#define NUM_EAP_METHODS (sizeof(eap_methods) / sizeof(eap_methods[0]))
@@ -199,6 +212,7 @@ int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len,
SM_STATE(EAP, DISABLED)
{
SM_ENTRY(EAP, DISABLED);
+ sm->num_rounds = 0;
}
@@ -234,6 +248,7 @@ SM_STATE(EAP, INITIALIZE)
sm->currentId = sm->respId;
}
}
+ sm->num_rounds = 0;
}
@@ -290,6 +305,7 @@ SM_STATE(EAP, RECEIVED)
/* parse rxResp, respId, respMethod */
eap_sm_parseEapResp(sm, sm->eapRespData, sm->eapRespDataLen);
+ sm->num_rounds++;
}
@@ -505,7 +521,15 @@ SM_STEP(EAP)
SM_ENTER_GLOBAL(EAP, INITIALIZE);
else if (!eapol_get_bool(sm, EAPOL_portEnabled))
SM_ENTER_GLOBAL(EAP, DISABLED);
- else switch (sm->EAP_state) {
+ else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) {
+ if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) {
+ wpa_printf(MSG_DEBUG, "EAP: more than %d "
+ "authentication rounds - abort",
+ EAP_MAX_AUTH_ROUNDS);
+ sm->num_rounds++;
+ SM_ENTER_GLOBAL(EAP, FAILURE);
+ }
+ } else switch (sm->EAP_state) {
case EAP_INITIALIZE:
if (sm->backend_auth) {
if (!sm->rxResp)
@@ -912,6 +936,7 @@ void eap_sm_deinit(struct eap_sm *sm)
free(sm);
}
+
void eap_sm_notify_cached(struct eap_sm *sm)
{
if (sm == NULL)
OpenPOWER on IntegriCloud