
EAP-TTLS peer: Fix user input during implicit identity request

Special processing is needed to handle EAP user request for
identity or password at the beginning of Phase 2 when the implicit
identity request is used. data->pending_phase2_req needs to be set
to an empty buffer in that case to avoid re-processing the previous
part of TLS negotiation when the user enters the needed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 13 years ago
parent
commit
af72d17e72
1 changed files with 15 additions and 0 deletions
  1. 15 0
      src/eap_peer/eap_ttls.c

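--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -1220,6 +1220,21 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
 			   "processing failed");
 		retval = -1;
 	} else {
+		struct eap_peer_config *config = eap_get_config(sm);
+		if (resp == NULL &&
+		    (config->pending_req_identity ||
+		     config->pending_req_password ||
+		     config->pending_req_otp ||
+		     config->pending_req_new_password)) {
+			/*
+			 * Use empty buffer to force implicit request
+			 * processing when EAP request is re-processed after
+			 * user input.
+			 */
+			wpabuf_free(data->pending_phase2_req);
+			data->pending_phase2_req = wpabuf_alloc(0);
+		}
+
 		retval = eap_ttls_encrypt_response(sm, data, resp, identifier,
 						   out_data);
 	}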
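Review bot: The result of `wpabuf_alloc(0)` is stored in `data->pending_phase2_req` without a check, so if the allocation fails the field stays NULL after the old buffer has been freed and the empty-buffer marker this change relies on is silently absent. Re-processing after user input would then presumably take the path through the earlier TLS data again, which is what the commit sets out to avoid. Failing the request at that point, for example `if (data->pending_phase2_req == NULL) return -1;`, would make the condition visible, provided nothing acquired earlier in the function needs releasing first. Separately, `config` is dereferenced straight after `eap_get_config(sm)`; if that call can return NULL in this state, the condition should start with `config &&`. The function begins and ends outside the hunk, so both points need checking against the full body.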