diff --git a/components/wpa_supplicant/port/include/os.h b/components/wpa_supplicant/port/include/os.h
index 48f7ab85e..0028c21e9 100644
--- a/components/wpa_supplicant/port/include/os.h
+++ b/components/wpa_supplicant/port/include/os.h
@@ -270,7 +270,7 @@ char * ets_strdup(const char *s);
 #ifdef _MSC_VER
 #define os_snprintf _snprintf
 #else
-#define os_snprintf vsnprintf
+#define os_snprintf snprintf
 #endif
 #endif
diff --git a/components/wpa_supplicant/src/wpa2/eap_peer/eap.c b/components/wpa_supplicant/src/wpa2/eap_peer/eap.c
index 10fc2257b..3ddd29427 100644
--- a/components/wpa_supplicant/src/wpa2/eap_peer/eap.c
+++ b/components/wpa_supplicant/src/wpa2/eap_peer/eap.c
@@ -300,6 +300,17 @@ struct wpabuf * eap_sm_build_nak(struct eap_sm *sm, EapType type, u8 id)
 }
 for (m = methods; m; m = m->next) {
+ //do not propose insecure unencapsulated MSCHAPv2 as Phase 1 Method
+ if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_MSCHAPV2)
+ continue;
+
+ //do not propose EAP_TYPE_TLS if no client cert/key are configured
+ if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_TLS) {
+ struct eap_peer_config *config = eap_get_config(sm);
+ if (config == NULL || config->private_key == 0 || config->client_cert == 0)
+ continue;
+ }
+
 if (type == EAP_TYPE_EXPANDED) {
 wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
 wpabuf_put_be24(resp, m->vendor);
diff --git a/components/wpa_supplicant/src/wpa2/eap_peer/eap_mschapv2.c b/components/wpa_supplicant/src/wpa2/eap_peer/eap_mschapv2.c
index 89d7b8fc1..b28c1eabc 100644
--- a/components/wpa_supplicant/src/wpa2/eap_peer/eap_mschapv2.c
+++ b/components/wpa_supplicant/src/wpa2/eap_peer/eap_mschapv2.c
@@ -95,6 +95,11 @@ static void * eap_mschapv2_init(struct eap_sm *sm)
 {
 struct eap_mschapv2_data *data;
+
+ //Do not init insecure unencapsulated MSCHAPv2 as Phase 1 method, only init if Phase 2
+ if(!sm->init_phase2)
+ return NULL;
+
+ data = (struct eap_mschapv2_data *)os_zalloc(sizeof(*data));
 if (data == NULL)
 return NULL;
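Review bot: With the two new `continue` filters in the `for (m = methods; ...)` loop of eap_sm_build_nak, the loop can now finish without writing a single method into `resp`, for example when MSCHAPv2 and TLS without client credentials are the only methods built in. A NAK with an empty method list is malformed, so the function should count what it appends and fall back to the "no alternative" value, e.g. `found++;` at each append and `if (!found) wpabuf_put_u8(resp, EAP_TYPE_NONE);` after the loop. The end of the loop and the allocation of `resp` are outside this hunk, so confirm neither already handles this and that the buffer has room for the fallback byte. As a style point, `config->private_key == 0` and `config->client_cert == 0` read as integer tests; if these fields are pointers, compare against `NULL` as the same line already does for `config`.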
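Review bot: The new early `return NULL;` in eap_mschapv2_init is indistinguishable to the caller from the `os_zalloc` failure a few lines below, so a refused Phase 1 MSCHAPv2 negotiation will look like an out-of-memory condition when someone debugs a failed connection. Log the policy decision before returning, e.g. `wpa_printf(MSG_INFO, "EAP-MSCHAPV2: refused outside a tunnel (Phase 2 only)");`. The guard also depends on `sm->init_phase2` being set by every tunnelled method before it calls this init function and cleared afterwards; that code is outside this diff and is worth confirming, since a stale flag would silently re-enable the unencapsulated path.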
diff --git a/components/wpa_supplicant/src/wpa2/tls/x509v3.c b/components/wpa_supplicant/src/wpa2/tls/x509v3.c
index 66a0e448e..ba331cdec 100644
--- a/components/wpa_supplicant/src/wpa2/tls/x509v3.c
+++ b/components/wpa_supplicant/src/wpa2/tls/x509v3.c
@@ -543,8 +543,7 @@ void x509_name_string(struct x509_name *name, char *buf, size_t len)
 end = buf + len;
 for (i = 0; i < name->num_attr; i++) {
- //ret = os_snprintf(pos, end - pos, "%s=%s, ",
- ret = sprintf(pos, "%s=%s, ",
+ ret = os_snprintf(pos, end - pos, "%s=%s, ",
 x509_name_attr_str(name->attr[i].type),
 name->attr[i].value);
 if (ret < 0 || ret >= end - pos)
@@ -560,8 +559,7 @@ void x509_name_string(struct x509_name *name, char *buf, size_t len)
 }
 if (name->email) {
- //ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
- ret = sprintf(pos, "/emailAddress=%s",
+ ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
 name->email);
 if (ret < 0 || ret >= end - pos)
 goto done;
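Review bot: Both rewritten calls in x509_name_string (the `"%s=%s, "` call here and the `"/emailAddress=%s"` call in the next hunk) pass `end - pos`, a signed pointer difference, as the size argument, so the bound is only sound while `pos <= end` and `len > 0`. The start of the function and the `done:` label are outside these hunks; confirm there is an early return for `len == 0` before anything writes relative to `end`. On truncation the function silently jumps to `done`, so callers get a cut-off name with no indication. Since the attribute values come from the certificate being parsed, I would document that above the function, e.g. `/* Output is truncated to len bytes; values come from the parsed certificate, so do not use the result for identity matching. */`.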