pppd: Ignore received EAP messages when not doing EAP eapfix master
authorPaul Mackerras <paulus@ozlabs.org>
Mon, 3 Feb 2020 05:31:42 +0000 (16:31 +1100)
committerPaul Mackerras <paulus@ozlabs.org>
Mon, 3 Feb 2020 05:31:42 +0000 (16:31 +1100)
commit8d45443bb5c9372b4c6a362ba2f443d41c5636af
treeaf8b1ae019e8693ca5f91b7a277e1d09b90ab581
parent8d7970b8f3db727fe798b65f3377fe6787575426
pppd: Ignore received EAP messages when not doing EAP

This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet.  The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets.  Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
pppd/eap.c