From: Martin Stanislav <ms@xxxxxxxx> Start the (EAP request) identifier at an initial random value as recommended by RFC 3748 in section 4.1 Request and Response on page 21. os_get_random is used instead of os_random as suggested by Nick Lowe. No fallback, eapol_test hard-fails if os_get_random fails. Thanks for your comments/suggestions. Signed-off-by: Martin Stanislav <ms@xxxxxxxx> --- wpa_supplicant/eapol_test.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/wpa_supplicant/eapol_test.c b/wpa_supplicant/eapol_test.c index 6548bd17b..85dc6495b 100644 --- a/wpa_supplicant/eapol_test.c +++ b/wpa_supplicant/eapol_test.c @@ -65,6 +65,7 @@ struct eapol_test_data { int radius_access_accept_received; int radius_access_reject_received; int auth_timed_out; + int get_random_failed; u8 *eap_identity; size_t eap_identity_len; @@ -353,7 +354,7 @@ static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx) struct eapol_test_data *e = eloop_ctx; printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n"); e->radius_access_accept_received = 0; - send_eap_request_identity(e->wpa_s, NULL); + send_eap_request_identity(e, NULL); } @@ -699,7 +700,8 @@ static void test_eapol_clean(struct eapol_test_data *e, static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx) { - struct wpa_supplicant *wpa_s = eloop_ctx; + struct eapol_test_data *e = eloop_ctx; + struct wpa_supplicant *wpa_s = e->wpa_s; u8 buf[100], *pos; struct ieee802_1x_hdr *hdr; struct eap_hdr *eap; @@ -711,7 +713,13 @@ static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx) eap = (struct eap_hdr *) (hdr + 1); eap->code = EAP_CODE_REQUEST; - eap->identifier = 0; + if (os_get_random((u8 *) &eap->identifier, sizeof(eap->identifier)) < 0) + { + printf("Failed to initialize EAP packet identifier\n"); + e->get_random_failed = 1; + eloop_terminate(); + return; + } eap->length = htons(5); pos = (u8 *) (eap + 1); *pos = EAP_TYPE_IDENTITY; @@ -973,7 +981,7 @@ static int driver_get_bssid(void *priv, u8 *bssid) if (e->ctrl_iface && !e->id_req_sent) { eloop_register_timeout(0, 0, send_eap_request_identity, - e->wpa_s, NULL); + e, NULL); e->id_req_sent = 1; } @@ -1511,8 +1519,8 @@ int main(int argc, char *argv[]) if (!ctrl_iface) { eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test, NULL); - eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, - NULL); + eloop_register_timeout(0, 0, send_eap_request_identity, + &eapol_test, NULL); } eloop_register_signal_terminate(eapol_test_terminate, &wpa_s); eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s); @@ -1548,6 +1556,8 @@ int main(int argc, char *argv[]) eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch); if (eapol_test.num_mppe_mismatch) ret = -4; + if (eapol_test.get_random_failed) + ret = -5; if (ret) printf("FAILURE\n"); else -- 2.17.1 (Apple Git-112) _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap