Filter invalid EAP authentication types when enumerating them

Valid authentication types defined by the IETF are 4-253 and 255.

diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c
index ad26283937f99678827219225a0201f3446e291a..520c0ce56db814539b32b05078afe57c16d63b71 100644 (file)
--- a/src/libcharon/sa/eap/eap_manager.c
+++ b/src/libcharon/sa/eap/eap_manager.c
@@ -115,6 +115,12 @@ static bool filter_methods(uintptr_t role, eap_entry_t **entry,
        {
                return FALSE;
        }
+       if ((*entry)->vendor == 0 &&
+          ((*entry)->type < 4 || (*entry)->type == EAP_EXPANDED ||
+           (*entry)->type > EAP_EXPERIMENTAL))
+       {       /* filter invalid types */
+               return FALSE;
+       }
        if (type)
        {
                *type = (*entry)->type;

diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h
index ff548f6db00ba9da98091223452374be16e57eb9..e318ef57a990487e7e0063ad31b81219acd3757a 100644 (file)
--- a/src/libcharon/sa/eap/eap_manager.h
+++ b/src/libcharon/sa/eap/eap_manager.h
@@ -55,7 +55,10 @@ struct eap_manager_t {
        void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor);
 
        /**
-        * Enumerate the registered EAP methods for the given role.
+        * Enumerate the registered EAP authentication methods for the given role.
+        *
+        * @note Only authentication types are enumerated (e.g. EAP-Identity is not
+        * even though it is registered as method with this manager).
         *
         * @param role                  EAP role of methods to enumerate
         * @return                              enumerator over (eap_type_t type, u_int32_t vendor)