libreCMC/package/network/services/ppp/patches/702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP.patch

From 8d45443bb5c9372b4c6a362ba2f443d41c5636af Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Mon, 3 Feb 2020 16:31:42 +1100
Subject: [PATCH] pppd: Ignore received EAP messages when not doing EAP

This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet.  The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets.  Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
 pppd/eap.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/pppd/eap.c b/pppd/eap.c
index 1b93db01aebd..082e95343120 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -1328,6 +1328,12 @@ int len;
 	int fd;
 #endif /* USE_SRP */
 
+	/*
+	 * Ignore requests if we're not open
+	 */
+	if (esp->es_client.ea_state <= eapClosed)
+		return;
+
 	/*
 	 * Note: we update es_client.ea_id *only if* a Response
 	 * message is being generated.  Otherwise, we leave it the
@@ -1736,6 +1742,12 @@ int len;
 	u_char dig[SHA_DIGESTSIZE];
 #endif /* USE_SRP */
 
+	/*
+	 * Ignore responses if we're not open
+	 */
+	if (esp->es_server.ea_state <= eapClosed)
+		return;
+
 	if (esp->es_server.ea_id != id) {
 		dbglog("EAP: discarding Response %d; expected ID %d", id,
 		    esp->es_server.ea_id);
@@ -2047,6 +2059,12 @@ u_char *inp;
 int id;
 int len;
 {
+	/*
+	 * Ignore failure messages if we're not open
+	 */
+	if (esp->es_client.ea_state <= eapClosed)
+		return;
+
 	if (!eap_client_active(esp)) {
 		dbglog("EAP unexpected failure message in state %s (%d)",
 		    eap_state_name(esp->es_client.ea_state),