Re: [PATCH] EAP-TTLS: Fix parsing auth= and autheap= Phase2 params

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Dec 06, 2015 at 12:01:32PM +0100, Pali Rohár wrote:
> This patch fix security issue when Phase2 param auth=MSCHAPv2 was handled as
> MSCHAP (v1) which degraded security. Now when invalid or unsupported auth=
> Phase2 param combinations are specified then EAP-TTLS throw error instead
> silently doing something.
> 
> More then one auth= Phase2 type cannot be specified and also both auth= and
> autheap= options cannot be specified.
> 
> Parsing Phase2 type is case sensitive (as in other EAP parts), so Phase2
> param auth=MSCHAPv2 is invalid. Only auth=MSCHAPV2 is correct.
> ---

Could you please read the top level CONTRIBUTIONS file and resubmit this
with Signed-off-by: line added so that I can apply the changes?

As far as the changes are concerned, would it be more useful to make
phase2 parsing case insensitive to allow that previously invalid
auth=MSCHAPv2 case to be parsed in the same way as the valid
auth=MSCHAPV2 case?

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux