X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Feap.c;h=082e95343120954abe1de82991387373344e1ba7;hb=c319558b8cacad7d27f04c7d612e44b67f273434;hp=6203f94d0a69e88cb3e4b076b42f9b1a378b452f;hpb=fd72d1cb02044e3ec19193206e22082fc4faca48;p=ppp.git
diff --git a/pppd/eap.c b/pppd/eap.c
index 6203f94..082e953 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -76,7 +76,6 @@
 #define SHA_DIGESTSIZE 20
 #endif
 
-static const char rcsid[] = RCSID;
 
 eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */
 #ifdef USE_SRP
@@ -1329,6 +1328,12 @@ int len;
 int fd;
 #endif /* USE_SRP */
 
+ /*
+ * Ignore requests if we're not open
+ */
+ if (esp->es_client.ea_state <= eapClosed)
+ return;
+
 /*
 * Note: we update es_client.ea_id *only if* a Response
 * message is being generated. Otherwise, we leave it the
@@ -1421,7 +1426,7 @@ int len;
 }
 
 /* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
 dbglog("EAP: trimming really long peer name down");
 BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
 rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1448,7 +1453,7 @@ int len;
 MD5_Init(&mdContext);
 typenum = id;
 MD5_Update(&mdContext, &typenum, 1);
- MD5_Update(&mdContext, secret, secret_len);
+ MD5_Update(&mdContext, (u_char *)secret, secret_len);
 BZERO(secret, sizeof (secret));
 MD5_Update(&mdContext, inp, vallen);
 MD5_Final(hash, &mdContext);
@@ -1737,6 +1742,12 @@ int len;
 u_char dig[SHA_DIGESTSIZE];
 #endif /* USE_SRP */
 
+ /*
+ * Ignore responses if we're not open
+ */
+ if (esp->es_server.ea_state <= eapClosed)
+ return;
+
 if (esp->es_server.ea_id != id) {
 dbglog("EAP: discarding Response %d; expected ID %d", id,
 esp->es_server.ea_id);
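Review bot: The early return added at -1329 drops the Request without a log line, and its test `esp->es_client.ea_state <= eapClosed` depends on the declaration order of the state enum, which is not visible in this diff. I would put a debug message before the return, for example `dbglog("EAP: ignoring Request; client not open");`, so that a peer sending EAP traffic outside an authentication phase leaves a trace, and extend the comment to say that the comparison relies on every not-yet-open state sorting at or below eapClosed. The same applies to the guards added at -1737 (Response) and -2048 (Failure); in the Failure handler the guard also runs before the existing "EAP unexpected failure message" dbglog, so that message is no longer emitted for a client in those states. All three enclosing functions start and end outside their hunks.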
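Review bot: The corrected test `len - vallen >= sizeof (rhostname)` at -1421 compares an int difference with a size_t, so it is only sound if `vallen <= len` has already been enforced; otherwise a negative difference converts to a large unsigned value and the trimming branch copies from `inp + vallen` beyond the packet data. That precondition is not visible in this hunk, so I would confirm the earlier length check exists and state it here, e.g. `/* vallen <= len was checked above, so len - vallen cannot be negative */`. The context comment "Not so likely to happen." also undersells the branch: the name length is supplied by the peer, and this test is the bound that protects `rhostname`, so the comment should say that. The identical change at -1847 needs the same comment; both enclosing functions begin and end outside the hunks.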
@@ -1847,7 +1858,7 @@ int len;
 }
 
 /* Not so likely to happen. */
- if (vallen >= len + sizeof (rhostname)) {
+ if (len - vallen >= sizeof (rhostname)) {
 dbglog("EAP: trimming really long peer name down");
 BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
 rhostname[sizeof (rhostname) - 1] = '\0';
@@ -1873,7 +1884,7 @@ int len;
 }
 MD5_Init(&mdContext);
 MD5_Update(&mdContext, &esp->es_server.ea_id, 1);
- MD5_Update(&mdContext, secret, secret_len);
+ MD5_Update(&mdContext, (u_char *)secret, secret_len);
 BZERO(secret, sizeof (secret));
 MD5_Update(&mdContext, esp->es_challenge, esp->es_challen);
 MD5_Final(hash, &mdContext);
@@ -2048,6 +2059,12 @@ u_char *inp;
 int id;
 int len;
 {
+ /*
+ * Ignore failure messages if we're not open
+ */
+ if (esp->es_client.ea_state <= eapClosed)
+ return;
+
 if (!eap_client_active(esp)) {
 dbglog("EAP unexpected failure message in state %s (%d)",
 eap_state_name(esp->es_client.ea_state),