EAP-AKA: Check that ID message storing succeeds

This could fail in theory if running out of memory, so better check for
this explicitly instead of allowing the exchange to continue and fail
later due to checkcode mismatch.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap_aka.c b/src/eap_peer/eap_aka.c
index e57461a33a59bb3f445d05c2745ad56e2a2b8683..8c475f13f162a9b5f72148bebe68b4f08b2308c3 100644 (file)
--- a/src/eap_peer/eap_aka.c
+++ b/src/eap_peer/eap_aka.c
@@ -442,19 +442,28 @@ static int eap_aka_learn_ids(struct eap_sm *sm, struct eap_aka_data *data,
 
 
 static int eap_aka_add_id_msg(struct eap_aka_data *data,
-                             const struct wpabuf *msg)
+                             const struct wpabuf *msg1,
+                             const struct wpabuf *msg2)
 {
-       if (msg == NULL)
+       size_t len;
+
+       if (!msg1)
                return -1;
+       len = wpabuf_len(msg1);
+       if (msg2)
+               len += wpabuf_len(msg2);
 
-       if (data->id_msgs == NULL) {
-               data->id_msgs = wpabuf_dup(msg);
-               return data->id_msgs == NULL ? -1 : 0;
+       if (!data->id_msgs) {
+               data->id_msgs = wpabuf_alloc(len);
+               if (!data->id_msgs)
+                       return -1;
+       } else if (wpabuf_resize(&data->id_msgs, len) < 0) {
+               return -1;
        }
 
-       if (wpabuf_resize(&data->id_msgs, wpabuf_len(msg)) < 0)
-               return -1;
-       wpabuf_put_buf(data->id_msgs, msg);
+       wpabuf_put_buf(data->id_msgs, msg1);
+       if (msg2)
+               wpabuf_put_buf(data->id_msgs, msg2);
 
        return 0;
 }
@@ -799,8 +808,13 @@ static struct wpabuf * eap_aka_process_identity(struct eap_sm *sm,
        buf = eap_aka_response_identity(sm, data, id, attr->id_req);
 
        if (data->prev_id != id) {
-               eap_aka_add_id_msg(data, reqData);
-               eap_aka_add_id_msg(data, buf);
+               if (eap_aka_add_id_msg(data, reqData, buf) < 0) {
+                       wpa_printf(MSG_INFO,
+                                  "EAP-AKA: Failed to store ID messages");
+                       wpabuf_free(buf);
+                       return eap_aka_client_error(
+                               data, id, EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+               }
                data->prev_id = id;
        }
 

diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py
index 7494b429a15fc91faa46a91defadb540eed564e7..3401749ded741a0893d92264ff9aaa9c5df71660 100644 (file)
--- a/tests/hwsim/test_eap_proto.py
+++ b/tests/hwsim/test_eap_proto.py
@@ -5629,8 +5629,7 @@ def test_eap_proto_aka_errors(dev, apdev):
     tests = [(1, "=eap_aka_learn_ids"),
              (2, "=eap_aka_learn_ids"),
              (1, "eap_sim_parse_encr;eap_aka_process_challenge"),
-             (1, "wpabuf_dup;eap_aka_add_id_msg"),
-             (1, "wpabuf_resize;eap_aka_add_id_msg"),
+             (1, "wpabuf_alloc;eap_aka_add_id_msg"),
              (1, "eap_aka_getKey"),
              (1, "eap_aka_get_emsk"),
              (1, "eap_aka_get_session_id")]