diff options
| author | Vladislav Grishenko <themiron@mail.ru> | 2022-05-13 15:44:34 +0500 |
|---|---|---|
| committer | Vladislav Grishenko <themiron@mail.ru> | 2022-05-13 16:33:07 +0500 |
| commit | 3c95746caceeebe38c3640ba8986d7b0c8eb7b91 (patch) | |
| tree | ac32325f1f9c7fd6be9f9755fbe62fdc7027fd9f /accel-pppd | |
| parent | c347e2fbb8ea489242b227fa3f4abc1d233f1a19 (diff) | |
| download | accel-ppp-xebd-3c95746caceeebe38c3640ba8986d7b0c8eb7b91.tar.gz accel-ppp-xebd-3c95746caceeebe38c3640ba8986d7b0c8eb7b91.zip | |
auth: discard unphased PAP Authenticate-Request packets
Per https://datatracker.ietf.org/doc/html/rfc1334#section-2.2.1:
Implementation Note: Because the Authenticate-Ack might be
lost, the authenticator MUST allow repeated Authenticate-
Request packets after completing the Authentication phase.
Protocol phase MUST return the same reply Code returned when
the Authentication phase completed (the message portion MAY be
different). Any Authenticate-Request packets received during
any other phase MUST be silently discarded.
Diffstat (limited to 'accel-pppd')
| -rw-r--r-- | accel-pppd/auth/auth_pap.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/accel-pppd/auth/auth_pap.c b/accel-pppd/auth/auth_pap.c index 4092101..f31be8b 100644 --- a/accel-pppd/auth/auth_pap.c +++ b/accel-pppd/auth/auth_pap.c @@ -43,6 +43,7 @@ struct pap_auth_data { char *peer_id; int req_id; unsigned int started:1; + unsigned int active:1; }; struct pap_hdr { @@ -76,6 +77,10 @@ static struct auth_data_t* auth_data_init(struct ppp_t *ppp) d->auth.len = 0; d->ppp = ppp; + d->h.proto = PPP_PAP; + d->h.recv = pap_recv; + ppp_register_chan_handler(ppp, &d->h); + return &d->auth; } @@ -83,6 +88,11 @@ static void auth_data_free(struct ppp_t *ppp, struct auth_data_t *auth) { struct pap_auth_data *d = container_of(auth, typeof(*d), auth); + if (d->timeout.tpd) + triton_timer_del(&d->timeout); + + ppp_unregister_handler(ppp, &d->h); + _free(d); } @@ -90,14 +100,12 @@ static int pap_start(struct ppp_t *ppp, struct auth_data_t *auth) { struct pap_auth_data *d = container_of(auth, typeof(*d), auth); - d->h.proto = PPP_PAP; - d->h.recv = pap_recv; d->timeout.expire = pap_timeout; d->timeout.period = conf_timeout * 1000; triton_timer_add(ppp->ses.ctrl->ctx, &d->timeout, 0); - ppp_register_chan_handler(ppp, &d->h); + d->active = 1; return 0; } @@ -105,14 +113,14 @@ static int pap_finish(struct ppp_t *ppp, struct auth_data_t *auth) { struct pap_auth_data *d = container_of(auth, typeof(*d), auth); + d->active = 0; + if (d->timeout.tpd) triton_timer_del(&d->timeout); if (d->peer_id) _free(d->peer_id); - ppp_unregister_handler(ppp, &d->h); - return 0; } @@ -200,6 +208,11 @@ static int pap_recv_req(struct pap_auth_data *p, struct pap_hdr *hdr) int passwd_len; uint8_t *ptr = (uint8_t*)(hdr + 1); + if (!p->active) { + log_ppp_debug("PAP: unexpected packet received\n"); + return 0; + } + if (p->timeout.tpd) triton_timer_del(&p->timeout); |