diff options
author | Paul Mackerras <paulus@ozlabs.org> | 2020-02-03 16:31:42 +1100 |
---|---|---|
committer | Paul Mackerras <paulus@ozlabs.org> | 2020-02-03 16:31:42 +1100 |
commit | 8d45443bb5c9372b4c6a362ba2f443d41c5636af (patch) | |
tree | af8b1ae019e8693ca5f91b7a277e1d09b90ab581 | |
parent | 8d7970b8f3db727fe798b65f3377fe6787575426 (diff) | |
download | ppp-eapfix.tar.gz |
pppd: Ignore received EAP messages when not doing EAPeapfix
This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet. The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets. Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
-rw-r--r-- | pppd/eap.c | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -1329,6 +1329,12 @@ int len; #endif /* USE_SRP */ /* + * Ignore requests if we're not open + */ + if (esp->es_client.ea_state <= eapClosed) + return; + + /* * Note: we update es_client.ea_id *only if* a Response * message is being generated. Otherwise, we leave it the * same for duplicate detection purposes. @@ -1736,6 +1742,12 @@ int len; u_char dig[SHA_DIGESTSIZE]; #endif /* USE_SRP */ + /* + * Ignore responses if we're not open + */ + if (esp->es_server.ea_state <= eapClosed) + return; + if (esp->es_server.ea_id != id) { dbglog("EAP: discarding Response %d; expected ID %d", id, esp->es_server.ea_id); @@ -2047,6 +2059,12 @@ u_char *inp; int id; int len; { + /* + * Ignore failure messages if we're not open + */ + if (esp->es_client.ea_state <= eapClosed) + return; + if (!eap_client_active(esp)) { dbglog("EAP unexpected failure message in state %s (%d)", eap_state_name(esp->es_client.ea_state), |