author | Martin Willi <martin@strongswan.org> | 2009-10-22 14:05:10 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-11-12 10:33:59 +0100 |
commit | 4735965fc0480019d9a4369124e276ce9fbe25f9 (patch) | |
tree | 0f923959c61104402547c8faf1e99880c5732b88 /src/charon/plugins/eap_sim/eap_sim_server.c | |
parent | 02f785b050d87d231b5cc4dfed917033638cc3fd (diff) | |
EAP servers check if the received EAP message was expected
Diffstat (limited to 'src/charon/plugins/eap_sim/eap_sim_server.c')
-rw-r--r-- | src/charon/plugins/eap_sim/eap_sim_server.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/charon/plugins/eap_sim/eap_sim_server.c
index 82ed1e093..5e4d11530 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.c
+++ b/src/charon/plugins/eap_sim/eap_sim_server.c
@@ -59,6 +59,11 @@ struct private_eap_sim_server_t {
 * MSK, used for EAP-SIM based IKEv2 authentication
 */
 chunk_t msk;
+
+ /**
+ * EAP-SIM message we have initiated
+ */
+ simaka_subtype_t pending;
 };
 
 /* version of SIM protocol we speak */
@@ -103,6 +108,13 @@ static status_t process_start(private_eap_sim_server_t *this,
 bool supported = FALSE;
 int i;
 
+ if (this->pending != SIM_START)
+ {
+ DBG1(DBG_IKE, "received %N, but not expected",
+ simaka_subtype_names, SIM_START);
+ return FAILED;
+ }
+
 enumerator = in->create_attribute_enumerator(in);
 while (enumerator->enumerate(enumerator, &type, &data))
 {
@@ -166,6 +178,8 @@ static status_t process_start(private_eap_sim_server_t *this,
 message->add_attribute(message, AT_RAND, rands);
 *out = message->generate(message, this->crypto, nonce);
 message->destroy(message);
+
+ this->pending = SIM_CHALLENGE;
 return NEED_MORE;
 }
 
@@ -179,6 +193,13 @@ static status_t process_challenge(private_eap_sim_server_t *this,
 simaka_attribute_t type;
 chunk_t data;
 
+ if (this->pending != SIM_CHALLENGE)
+ {
+ DBG1(DBG_IKE, "received %N, but not expected",
+ simaka_subtype_names, SIM_CHALLENGE);
+ return FAILED;
+ }
+
 enumerator = in->create_attribute_enumerator(in);
 while (enumerator->enumerate(enumerator, &type, &data))
 {
@@ -281,6 +302,8 @@ static status_t initiate(private_eap_sim_server_t *this, eap_payload_t **out)
 message->add_attribute(message, AT_VERSION_LIST, version);
 *out = message->generate(message, this->crypto, chunk_empty);
 message->destroy(message);
+
+ this->pending = SIM_START;
 return NEED_MORE;
 }
 
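Review bot: The doc comment on the new `pending` field in private_eap_sim_server_t says which message was initiated, but not that the field is what the receive path checks before it processes a response. Wording such as `/** subtype of the request sent last; process_*() rejects any other subtype, 0 if nothing was sent yet */` would tell a maintainer who adds another handler that it needs the same guard. The struct begins before this hunk.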
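Review bot: The rejection message in the new guard at the top of process_start logs only the subtype that arrived, not `this->pending`, so a log reader cannot tell which state the server was in when an out-of-sequence message was dropped. Logging both makes these events easier to triage: `DBG1(DBG_IKE, "received %N, but expected %N", simaka_subtype_names, SIM_START, simaka_subtype_names, this->pending);`. How `%N` renders the initial value 0, which may have no name, is not visible here and should be checked. The identical block in the process_challenge hunk has the same gap, and both function bodies continue outside their hunks.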
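Review bot: Nothing in this commit moves `pending` away from SIM_CHALLENGE once process_challenge has accepted a response, so a second SIM_CHALLENGE message delivered to the same instance would pass this guard again. The diffstat counts 24 insertions and all of them are visible in these hunks; none resets the field. Whether the caller can hand another message to the method after it has returned its final status is not visible here; if it can, clear the state before the successful return, e.g. `this->pending = 0;`. process_challenge continues past the end of the hunk.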
@@ -350,6 +373,7 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server,
 this->peer = peer->clone(peer);
 this->sreses = chunk_empty;
 this->msk = chunk_empty;
+ this->pending = 0;
 /* generate a non-zero identifier */
 do {
 this->identifier = random(); |
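Review bot: `this->pending = 0;` in eap_sim_server_create relies on 0 not being a valid simaka_subtype_t value, which this diff does not show. If the enum follows the RFC 4186 subtype numbers, 0 is unassigned and the guards in process_start and process_challenge reject every message until initiate() has run, which is the safe default. A short comment such as `/* no request sent yet, reject all responses */`, or a named constant for the idle state, would make that intent explicit. The function starts and ends outside the hunk.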