pppd: Ignore received EAP messages when not doing EAPeapfix

This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet.  The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets.  Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

1 files changed, 18 insertions, 0 deletions

diff --git a/pppd/eap.c b/pppd/eap.c
index 1b93db0..082e953 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1329,6 +1329,12 @@ int len;
 #endif /* USE_SRP */
 
 	/*
+	 * Ignore requests if we're not open
+	 */
+	if (esp->es_client.ea_state <= eapClosed)
+		return;
+
+	/*
 	 * Note: we update es_client.ea_id *only if* a Response
 	 * message is being generated.  Otherwise, we leave it the
 	 * same for duplicate detection purposes.
@@ -1736,6 +1742,12 @@ int len;
 	u_char dig[SHA_DIGESTSIZE];
 #endif /* USE_SRP */
 
+	/*
+	 * Ignore responses if we're not open
+	 */
+	if (esp->es_server.ea_state <= eapClosed)
+		return;
+
 	if (esp->es_server.ea_id != id) {
 		dbglog("EAP: discarding Response %d; expected ID %d", id,
 		    esp->es_server.ea_id);
@@ -2047,6 +2059,12 @@ u_char *inp;
 int id;
 int len;
 {
+	/*
+	 * Ignore failure messages if we're not open
+	 */
+	if (esp->es_client.ea_state <= eapClosed)
+		return;
+
 	if (!eap_client_active(esp)) {
 		dbglog("EAP unexpected failure message in state %s (%d)",
 		    eap_state_name(esp->es_client.ea_state),