From: Jouni Malinen <j@w1.fi>
Date: Sun, 1 Sep 2019 14:15:06 +0000 (+0300)
Subject: EAP-TEAP peer: Clear Phase 2 EAP method on new Identity exchange
X-Git-Tag: hostap_2_10~2391
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4d78ba9900e0fb2ad3ba20c472255b01dadf4572;p=thirdparty%2Fhostap.git

EAP-TEAP peer: Clear Phase 2 EAP method on new Identity exchange

This is needed to allow clean transition from one inner EAP
authentication method to another one if EAP method negotiation is needed
within Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_peer/eap_teap.c b/src/eap_peer/eap_teap.c
index 06665b9ef..f751fbec3 100644
--- a/src/eap_peer/eap_teap.c
+++ b/src/eap_peer/eap_teap.c
@@ -378,6 +378,22 @@ static int eap_teap_select_phase2_method(struct eap_teap_data *data,
 }
 
 
+static void eap_teap_deinit_inner_eap(struct eap_sm *sm,
+				      struct eap_teap_data *data)
+{
+	if (!data->phase2_priv || !data->phase2_method)
+		return;
+
+	wpa_printf(MSG_DEBUG,
+		   "EAP-TEAP: Phase 2 EAP sequence - deinitialize previous method");
+	data->phase2_method->deinit(sm, data->phase2_priv);
+	data->phase2_method = NULL;
+	data->phase2_priv = NULL;
+	data->phase2_type.vendor = EAP_VENDOR_IETF;
+	data->phase2_type.method = EAP_TYPE_NONE;
+}
+
+
 static int eap_teap_phase2_request(struct eap_sm *sm,
 				   struct eap_teap_data *data,
 				   struct eap_method_ret *ret,
@@ -413,21 +429,15 @@ static int eap_teap_phase2_request(struct eap_sm *sm,
 	wpa_printf(MSG_DEBUG, "EAP-TEAP: Phase 2 Request: type=%u:%u",
 		   vendor, method);
 	if (vendor == EAP_VENDOR_IETF && method == EAP_TYPE_IDENTITY) {
+		eap_teap_deinit_inner_eap(sm, data);
 		*resp = eap_sm_buildIdentity(sm, hdr->identifier, 1);
 		return 0;
 	}
 
 	if (data->phase2_priv && data->phase2_method &&
 	    (vendor != data->phase2_type.vendor ||
-	     method != data->phase2_type.method)) {
-		wpa_printf(MSG_DEBUG,
-			   "EAP-TEAP: Phase 2 EAP sequence - deinitialize previous method");
-		data->phase2_method->deinit(sm, data->phase2_priv);
-		data->phase2_method = NULL;
-		data->phase2_priv = NULL;
-		data->phase2_type.vendor = EAP_VENDOR_IETF;
-		data->phase2_type.method = EAP_TYPE_NONE;
-	}
+	     method != data->phase2_type.method))
+		eap_teap_deinit_inner_eap(sm, data);
 
 	if (data->phase2_type.vendor == EAP_VENDOR_IETF &&
 	    data->phase2_type.method == EAP_TYPE_NONE &&