Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-PEAP server: Fix Phase 2 TLV length in error case

The payload length in a Phase 2 TLV message reporting error was not set
correctly. Fix this to not include the TLVs that are included only in
success case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
95a15d793e
commit
bfaefd5174
1 changed files with 5 additions and 3 deletions
Split View Show Diff Stats
  1. 5 3
      src/eap_server/eap_server_peap.c

+ 5 - 3
src/eap_server/eap_server_peap.c
View File 

@@ -344,12 +344,14 @@ static struct wpabuf * eap_peap_build_phase2_tlv(struct eap_sm *sm,
 
 	size_t mlen;
 
 
 	mlen = 6; /* Result TLV */
 
-	if (data->crypto_binding != NO_BINDING)
 
+	if (data->peap_version == 0 && data->tlv_request == TLV_REQ_SUCCESS &&
 
+	    data->crypto_binding != NO_BINDING) {
 
 		mlen += 60; /* Cryptobinding TLV */
 
 #ifdef EAP_SERVER_TNC
 
-	if (data->soh_response)
 
-		mlen += wpabuf_len(data->soh_response);
 
+		if (data->soh_response)
 
+			mlen += wpabuf_len(data->soh_response);
 
 #endif /* EAP_SERVER_TNC */
 
+	}
 
 
 	buf = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TLV, mlen,
 
 			    EAP_CODE_REQUEST, id);