projects / mech_eap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated to hostap_2_6
[mech_eap.git] / libeap / src / eap_server / eap_server_pwd.c
diff --git a/libeap/src/eap_server/eap_server_pwd.c b/libeap/src/eap_server/eap_server_pwd.c
index cb83ff7..64bf708 100644 (file)
--- a/libeap/src/eap_server/eap_server_pwd.c
+++ b/libeap/src/eap_server/eap_server_pwd.c
@@ -178,8 +178,13 @@ static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data *data,
                return;
        }
 
-       /* an lfsr is good enough to generate unpredictable tokens */
-       data->token = os_random();
+       if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
+               wpabuf_free(data->outbuf);
+               data->outbuf = NULL;
+               eap_pwd_state(data, FAILURE);
+               return;
+       }
+
        wpabuf_put_be16(data->outbuf, data->group_num);
        wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
        wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
@@ -970,7 +975,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
        /*
         * the first and all intermediate fragments have the M bit set
         */
-       if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+       if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
                if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
                        wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
                                   "attack detected! (%d+%d > %d)",
@@ -981,6 +986,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
                }
                wpabuf_put_data(data->inbuf, pos, len);
                data->in_frag_pos += len;
+       }
+       if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
                wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
                           (int) len);
                return;
@@ -990,8 +997,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
         * buffering fragments so that's how we know it's the last)
         */
        if (data->in_frag_pos) {
-               wpabuf_put_data(data->inbuf, pos, len);
-               data->in_frag_pos += len;
                pos = wpabuf_head_u8(data->inbuf);
                len = data->in_frag_pos;
                wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
@@ -1094,7 +1099,6 @@ static u8 * eap_pwd_get_session_id(struct eap_sm *sm, void *priv, size_t *len)
 int eap_server_pwd_register(void)
 {
        struct eap_method *eap;
-       int ret;
        struct timeval tp;
        struct timezone tz;
        u32 sr;
@@ -1121,9 +1125,6 @@ int eap_server_pwd_register(void)
        eap->isSuccess = eap_pwd_is_success;
        eap->getSessionId = eap_pwd_get_session_id;
 
-       ret = eap_server_method_register(eap);
-       if (ret)
-               eap_server_method_free(eap);
-       return ret;
+       return eap_server_method_register(eap);
 }
 
Moonshot GSS-API mechanism