author | Tobias Brunner <tobias@strongswan.org> | 2012-08-22 17:01:13 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-31 11:37:45 +0200 |
commit | 7cad171da8a67a61cce493d90206723dfc47d510 (patch) | |
tree | 6ab6958ced010e67e5a294fd281f799af958875c | |
parent | eae5616ae69a3c289bc20d1e50ad90a2789a348b (diff) | |
Filter invalid EAP authentication types when enumerating them
Valid authentication types defined by the IETF are 4-253 and 255.
-rw-r--r-- | src/libcharon/sa/eap/eap_manager.c | 6 | ||||
-rw-r--r-- | src/libcharon/sa/eap/eap_manager.h | 5 |
2 files changed, 10 insertions, 1 deletions
diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c
index ad2628393..520c0ce56 100644
--- a/src/libcharon/sa/eap/eap_manager.c
+++ b/src/libcharon/sa/eap/eap_manager.c
@@ -115,6 +115,12 @@ static bool filter_methods(uintptr_t role, eap_entry_t **entry,
 {
 return FALSE;
 }
+ if ((*entry)->vendor == 0 &&
+ ((*entry)->type < 4 || (*entry)->type == EAP_EXPANDED ||
+ (*entry)->type > EAP_EXPERIMENTAL))
+ { /* filter invalid types */
+ return FALSE;
+ }
 if (type)
 {
 *type = (*entry)->type;
diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h
index ff548f6db..e318ef57a 100644
--- a/src/libcharon/sa/eap/eap_manager.h
+++ b/src/libcharon/sa/eap/eap_manager.h
@@ -55,7 +55,10 @@ struct eap_manager_t {
 void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor);
 
 /**
- * Enumerate the registered EAP methods for the given role.
+ * Enumerate the registered EAP authentication methods for the given role.
+ *
+ * @note Only authentication types are enumerated (e.g. EAP-Identity is not
+ * even though it is registered as method with this manager).
 *
 * @param role EAP role of methods to enumerate
 * @return enumerator over (eap_type_t type, u_int32_t vendor) |
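Review bot: The lower bound of the added range check in filter_methods() is the bare literal `4`, while the other two bounds use `EAP_EXPANDED` and `EAP_EXPERIMENTAL`, and the comment `/* filter invalid types */` does not say which values are excluded or why. Since this filter decides which registered methods are reported as usable for authentication, I would spell the rule out next to the check, e.g. `/* only IETF authentication types (4-253, 255): 1-3 are Identity/Notification/Nak, 254 marks expanded types */`. Entries with a non-zero vendor skip the check entirely, which looks intentional for vendor-specific type spaces but deserves a word in the same comment. The body of filter_methods() starts and ends outside this hunk, so whether other lookup paths apply the same range is not visible here.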
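Review bot: The added `@note` in eap_manager.h names EAP-Identity as an example but never states the rule, so a caller cannot tell which registered methods will be missing from the enumeration. I would put the range into the contract, e.g. `@note Only authentication methods are enumerated: for vendor 0 that is types 4-253 and 255, so EAP-Identity is skipped although it is registered with this manager.` The doc comment continues past the end of the hunk.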