From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 22 Aug 2012 15:01:13 +0000 (+0200)
Subject: Filter invalid EAP authentication types when enumerating them
X-Git-Tag: 5.0.1~154^2~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cad171da8a67a61cce493d90206723dfc47d510;p=thirdparty%2Fstrongswan.git

Filter invalid EAP authentication types when enumerating them

Valid authentication types defined by the IETF are 4-253 and 255.
---

diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c
index ad26283937..520c0ce56d 100644
--- a/src/libcharon/sa/eap/eap_manager.c
+++ b/src/libcharon/sa/eap/eap_manager.c
@@ -115,6 +115,12 @@ static bool filter_methods(uintptr_t role, eap_entry_t **entry,
 	{
 		return FALSE;
 	}
+	if ((*entry)->vendor == 0 &&
+	   ((*entry)->type < 4 || (*entry)->type == EAP_EXPANDED ||
+	    (*entry)->type > EAP_EXPERIMENTAL))
+	{	/* filter invalid types */
+		return FALSE;
+	}
 	if (type)
 	{
 		*type = (*entry)->type;
diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h
index ff548f6db0..e318ef57a9 100644
--- a/src/libcharon/sa/eap/eap_manager.h
+++ b/src/libcharon/sa/eap/eap_manager.h
@@ -55,7 +55,10 @@ struct eap_manager_t {
 	void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor);
 
 	/**
-	 * Enumerate the registered EAP methods for the given role.
+	 * Enumerate the registered EAP authentication methods for the given role.
+	 *
+	 * @note Only authentication types are enumerated (e.g. EAP-Identity is not
+	 * even though it is registered as method with this manager).
 	 *
 	 * @param role			EAP role of methods to enumerate
 	 * @return				enumerator over (eap_type_t type, u_int32_t vendor)