From: Martin Stanislav <ms@xxxxxxxx>
Start the (EAP request) identifier at an initial random value
as recommended by RFC 3748 in section 4.1 Request and Response
on page 21.
os_get_random is used instead of os_random as suggested by Nick Lowe.
No fallback, eapol_test hard-fails if os_get_random fails.
Thanks for your comments/suggestions.
Signed-off-by: Martin Stanislav <ms@xxxxxxxx>
---
wpa_supplicant/eapol_test.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c
index 6548bd17b..85dc6495b 100644
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
@@ -65,6 +65,7 @@ struct eapol_test_data {
int radius_access_accept_received;
int radius_access_reject_received;
int auth_timed_out;
+ int get_random_failed;
u8 *eap_identity;
size_t eap_identity_len;
@@ -353,7 +354,7 @@ static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
struct eapol_test_data *e = eloop_ctx;
printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
e->radius_access_accept_received = 0;
- send_eap_request_identity(e->wpa_s, NULL);
+ send_eap_request_identity(e, NULL);
}
@@ -699,7 +700,8 @@ static void test_eapol_clean(struct eapol_test_data *e,
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
{
- struct wpa_supplicant *wpa_s = eloop_ctx;
+ struct eapol_test_data *e = eloop_ctx;
+ struct wpa_supplicant *wpa_s = e->wpa_s;
u8 buf[100], *pos;
struct ieee802_1x_hdr *hdr;
struct eap_hdr *eap;
@@ -711,7 +713,13 @@ static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
eap = (struct eap_hdr *) (hdr + 1);
eap->code = EAP_CODE_REQUEST;
- eap->identifier = 0;
+ if (os_get_random((u8 *) &eap->identifier, sizeof(eap->identifier)) < 0)
+ {
+ printf("Failed to initialize EAP packet identifier\n");
+ e->get_random_failed = 1;
+ eloop_terminate();
+ return;
+ }
eap->length = htons(5);
pos = (u8 *) (eap + 1);
*pos = EAP_TYPE_IDENTITY;
@@ -973,7 +981,7 @@ static int driver_get_bssid(void *priv, u8 *bssid)
if (e->ctrl_iface && !e->id_req_sent) {
eloop_register_timeout(0, 0, send_eap_request_identity,
- e->wpa_s, NULL);
+ e, NULL);
e->id_req_sent = 1;
}
@@ -1511,8 +1519,8 @@ int main(int argc, char *argv[])
if (!ctrl_iface) {
eloop_register_timeout(timeout, 0, eapol_test_timeout,
&eapol_test, NULL);
- eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s,
- NULL);
+ eloop_register_timeout(0, 0, send_eap_request_identity,
+ &eapol_test, NULL);
}
eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
@@ -1548,6 +1556,8 @@ int main(int argc, char *argv[])
eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
if (eapol_test.num_mppe_mismatch)
ret = -4;
+ if (eapol_test.get_random_failed)
+ ret = -5;
if (ret)
printf("FAILURE\n");
else
--
2.17.1 (Apple Git-112)
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
