data->identity = NULL;
sm->identity_len = data->identity_len;
data->identity_len = 0;
+ sm->require_identity_match = 1;
if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-FAST: "
"Phase2 Identity not found "
wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Response user",
pos, pos2 - pos);
- os_free(sm->identity);
- sm->identity_len = pos2 - pos;
- sm->identity = os_malloc(sm->identity_len);
- if (sm->identity == NULL) {
+ if (sm->identity && sm->require_identity_match &&
+ (pos2 - pos != (int) sm->identity_len ||
+ os_memcmp(pos, sm->identity, sm->identity_len))) {
+ wpa_printf(MSG_DEBUG, "EAP-GTC: Phase 2 Identity did "
+ "not match with required Identity");
+ wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Expected "
+ "identity",
+ sm->identity, sm->identity_len);
data->state = FAILURE;
return;
+ } else {
+ os_free(sm->identity);
+ sm->identity_len = pos2 - pos;
+ sm->identity = os_malloc(sm->identity_len);
+ if (sm->identity == NULL) {
+ data->state = FAILURE;
+ return;
+ }
+ os_memcpy(sm->identity, pos, sm->identity_len);
}
- os_memcpy(sm->identity, pos, sm->identity_len);
if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
wpa_hexdump_ascii(MSG_DEBUG, "EAP-GTC: Phase2 "
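Review bot: The new identity check fails open when `sm->identity` is NULL: the condition `sm->identity && sm->require_identity_match && ...` is then false, so the else branch adopts whatever identity the peer sent in the GTC response even though a match was required. Whether a required match with no stored identity can actually occur is not visible here, since the code that sets the flag is outside this hunk; if it can, rejecting is the safer default, e.g. `if (sm->require_identity_match && (sm->identity == NULL || pos2 - pos != (int) sm->identity_len || os_memcmp(pos, sm->identity, sm->identity_len))) {`. In the else branch, a failed `os_malloc` leaves `sm->identity` NULL while `sm->identity_len` keeps the new length, so adding `sm->identity_len = 0;` before `data->state = FAILURE;` would keep the pair consistent for later readers of `sm`. The mismatch is logged only at MSG_DEBUG, which may be too quiet for a rejected Phase 2 identity that operators would want to see. The enclosing function starts and ends outside the hunk.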
void *eap_method_priv;
u8 *identity;
size_t identity_len;
+ /* Whether Phase 2 method should validate identity match */
+ int require_identity_match;
int lastId; /* Identifier used in the last EAP-Packet */
struct eap_user *user;
int user_eap_method_index;