Merge branch 'bugfix/wpa2_fixes' into 'master'
wpa2_enterprise fixes from Github See merge request idf/esp-idf!3166
This commit is contained in:
commit
9b566a8965
|
@ -270,7 +270,7 @@ char * ets_strdup(const char *s);
|
||||||
#ifdef _MSC_VER
|
#ifdef _MSC_VER
|
||||||
#define os_snprintf _snprintf
|
#define os_snprintf _snprintf
|
||||||
#else
|
#else
|
||||||
#define os_snprintf vsnprintf
|
#define os_snprintf snprintf
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -300,6 +300,17 @@ struct wpabuf * eap_sm_build_nak(struct eap_sm *sm, EapType type, u8 id)
|
||||||
}
|
}
|
||||||
|
|
||||||
for (m = methods; m; m = m->next) {
|
for (m = methods; m; m = m->next) {
|
||||||
|
//do not propose insecure unencapsulated MSCHAPv2 as Phase 1 Method
|
||||||
|
if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_MSCHAPV2)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
//do not propose EAP_TYPE_TLS if no client cert/key are configured
|
||||||
|
if(m->vendor == EAP_VENDOR_IETF && m->method == EAP_TYPE_TLS) {
|
||||||
|
struct eap_peer_config *config = eap_get_config(sm);
|
||||||
|
if (config == NULL || config->private_key == 0 || config->client_cert == 0)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if (type == EAP_TYPE_EXPANDED) {
|
if (type == EAP_TYPE_EXPANDED) {
|
||||||
wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
|
wpabuf_put_u8(resp, EAP_TYPE_EXPANDED);
|
||||||
wpabuf_put_be24(resp, m->vendor);
|
wpabuf_put_be24(resp, m->vendor);
|
||||||
|
|
|
@ -95,6 +95,11 @@ static void *
|
||||||
eap_mschapv2_init(struct eap_sm *sm)
|
eap_mschapv2_init(struct eap_sm *sm)
|
||||||
{
|
{
|
||||||
struct eap_mschapv2_data *data;
|
struct eap_mschapv2_data *data;
|
||||||
|
|
||||||
|
//Do not init insecure unencapsulated MSCHAPv2 as Phase 1 method, only init if Phase 2
|
||||||
|
if(!sm->init_phase2)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
data = (struct eap_mschapv2_data *)os_zalloc(sizeof(*data));
|
data = (struct eap_mschapv2_data *)os_zalloc(sizeof(*data));
|
||||||
if (data == NULL)
|
if (data == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -543,8 +543,7 @@ void x509_name_string(struct x509_name *name, char *buf, size_t len)
|
||||||
end = buf + len;
|
end = buf + len;
|
||||||
|
|
||||||
for (i = 0; i < name->num_attr; i++) {
|
for (i = 0; i < name->num_attr; i++) {
|
||||||
//ret = os_snprintf(pos, end - pos, "%s=%s, ",
|
ret = os_snprintf(pos, end - pos, "%s=%s, ",
|
||||||
ret = sprintf(pos, "%s=%s, ",
|
|
||||||
x509_name_attr_str(name->attr[i].type),
|
x509_name_attr_str(name->attr[i].type),
|
||||||
name->attr[i].value);
|
name->attr[i].value);
|
||||||
if (ret < 0 || ret >= end - pos)
|
if (ret < 0 || ret >= end - pos)
|
||||||
|
@ -560,8 +559,7 @@ void x509_name_string(struct x509_name *name, char *buf, size_t len)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (name->email) {
|
if (name->email) {
|
||||||
//ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
|
ret = os_snprintf(pos, end - pos, "/emailAddress=%s",
|
||||||
ret = sprintf(pos, "/emailAddress=%s",
|
|
||||||
name->email);
|
name->email);
|
||||||
if (ret < 0 || ret >= end - pos)
|
if (ret < 0 || ret >= end - pos)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
Loading…
Reference in a new issue