
EAP-AKA server: Fix fallback to full auth

Commit 68a41bbb44ac78087076ce65e6c1803d036bc4a2 broke fallback from
reauth id to fullauth id by not allowing a second AKA/Identity round to
be used after having received unrecognized reauth_id in the first round.
Fix this by allowing fullauth id to be requested in such a case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 12 years ago
parent
commit
9bb1025a2e
1 changed files with 11 additions and 0 deletions

+ 11 - 0
src/eap_server/eap_server_aka.c

@@ -731,6 +731,17 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
 		return;
 	}
 
+	if (((data->eap_method == EAP_TYPE_AKA_PRIME &&
+	      username[0] == EAP_AKA_PRIME_REAUTH_ID_PREFIX) ||
+	     (data->eap_method == EAP_TYPE_AKA &&
+	      username[0] == EAP_AKA_REAUTH_ID_PREFIX)) &&
+	    data->identity_round == 1) {
+		/* Remain in IDENTITY state for another round to request full
+		 * auth identity since we did not recognize reauth id */
+		os_free(username);
+		return;
+	}
+
 	if ((data->eap_method == EAP_TYPE_AKA_PRIME &&
 	     username[0] == EAP_AKA_PRIME_PSEUDONYM_PREFIX) ||
 	    (data->eap_method == EAP_TYPE_AKA &&
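
Review bot: the early return guarded by `data->identity_round == 1` leaves the state untouched and relies on code outside this hunk to select the full-auth identity request for the next round. The comment should say where that selection happens, and this path should emit a debug log line recording that an unrecognized reauth id triggered the fallback, since otherwise the extra AKA/Identity round is silent in server logs. Please also state the intended outcome when a reauth-prefixed username arrives with `identity_round` other than 1: as written it falls through to the pseudonym prefix check that follows, and the visible lines do not show how that case ends. The method-and-prefix test repeats the shape of the pseudonym check below it, so a small helper taking the EAP method and the first character would keep the two conditions from drifting apart.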