fix(eap): catch decoding errors

This commit is contained in:
simon 2020-06-25 11:17:19 +02:00
parent 6fc7301c60
commit 97ea3fad1d
3 changed files with 203 additions and 184 deletions

View File

@ -3,7 +3,7 @@
import * as NodeCache from 'node-cache'; import * as NodeCache from 'node-cache';
import debug from 'debug'; import debug from 'debug';
import { makeid } from '../../helpers'; import { makeid } from '../../helpers';
import { IPacket, IPacketHandler, IPacketHandlerResult } from '../../types/PacketHandler'; import { IPacket, IPacketHandler, IPacketHandlerResult, PacketResponseCode } from '../../types/PacketHandler';
import { IEAPMethod } from '../../types/EAPMethod'; import { IEAPMethod } from '../../types/EAPMethod';
import { buildEAPResponse, decodeEAPHeader } from './eap/EAPHelper'; import { buildEAPResponse, decodeEAPHeader } from './eap/EAPHelper';
@ -34,6 +34,7 @@ export class EAPPacketHandler implements IPacketHandler {
// EAP MESSAGE // EAP MESSAGE
const msg = packet.attributes['EAP-Message'] as Buffer; const msg = packet.attributes['EAP-Message'] as Buffer;
try {
const { code, type, identifier, data } = decodeEAPHeader(msg); const { code, type, identifier, data } = decodeEAPHeader(msg);
const currentState = this.eapConnectionStates.get(stateID) as { validMethods: IEAPMethod[] }; const currentState = this.eapConnectionStates.get(stateID) as { validMethods: IEAPMethod[] };
@ -128,5 +129,9 @@ export class EAPPacketHandler implements IPacketHandler {
} }
// silently ignore; // silently ignore;
return {}; return {};
} catch (err) {
console.error('decoding of (generic) EAP package failed', msg, err);
return {};
}
} }
} }

View File

@ -37,6 +37,7 @@ export class EAPGTC implements IEAPMethod {
): Promise<IPacketHandlerResult> { ): Promise<IPacketHandlerResult> {
const username = identity; // this.loginData.get(stateID) as Buffer | undefined; const username = identity; // this.loginData.get(stateID) as Buffer | undefined;
try {
const { data } = decodeEAPHeader(msg); const { data } = decodeEAPHeader(msg);
const token = this.extractValue(data); const token = this.extractValue(data);
@ -54,5 +55,11 @@ export class EAPGTC implements IEAPMethod {
code: success ? PacketResponseCode.AccessAccept : PacketResponseCode.AccessReject, code: success ? PacketResponseCode.AccessAccept : PacketResponseCode.AccessReject,
attributes: (success && [['User-Name', username]]) || undefined, attributes: (success && [['User-Name', username]]) || undefined,
}; };
} catch (err) {
console.error('decoding of EAP-GTC package failed', msg, err);
return {
code: PacketResponseCode.AccessReject,
};
}
} }
} }

View File

@ -300,6 +300,7 @@ export class EAPTTLS implements IEAPMethod {
return {}; return {};
} }
this.lastProcessedIdentifier.set(stateID, identifier); this.lastProcessedIdentifier.set(stateID, identifier);
try {
const { data } = this.decodeTTLSMessage(msg); const { data } = this.decodeTTLSMessage(msg);
// check if no data package is there and we have something in the queue, if so.. empty the queue first // check if no data package is there and we have something in the queue, if so.. empty the queue first
@ -407,6 +408,12 @@ export class EAPTTLS implements IEAPMethod {
// send response // send response
return responseData; // this.buildEAPTTLSResponse(identifier, 21, 0x00, stateID, encryptedResponseData); return responseData; // this.buildEAPTTLSResponse(identifier, 21, 0x00, stateID, encryptedResponseData);
} catch (err) {
console.error('decoding of EAP-TTLS package failed', msg, err);
return {
code: PacketResponseCode.AccessReject,
};
}
} }
private transformAttributesArrayToMap(attributes: [string, Buffer | string][] | undefined) { private transformAttributesArrayToMap(attributes: [string, Buffer | string][] | undefined) {