fix(eap): catch decoding errors

4 years ago · 97ea3fad1d
parent 6fc7301c60
commit 97ea3fad1d
3 changed files with 204 additions and 185 deletions
--- a/src/radius/handler/EAPPacketHandler.ts
+++ b/src/radius/handler/EAPPacketHandler.ts
@ -3,7 +3,7 @@
 import * as NodeCache from 'node-cache';
 import debug from 'debug';
 import { makeid } from '../../helpers';
-import { IPacket, IPacketHandler, IPacketHandlerResult } from '../../types/PacketHandler';
+import { IPacket, IPacketHandler, IPacketHandlerResult, PacketResponseCode } from '../../types/PacketHandler';
 import { IEAPMethod } from '../../types/EAPMethod';
 import { buildEAPResponse, decodeEAPHeader } from './eap/EAPHelper';

@ -34,6 +34,7 @@ export class EAPPacketHandler implements IPacketHandler {
 		// EAP MESSAGE
 		const msg = packet.attributes['EAP-Message'] as Buffer;

+		try {
 			const { code, type, identifier, data } = decodeEAPHeader(msg);

 			const currentState = this.eapConnectionStates.get(stateID) as { validMethods: IEAPMethod[] };
@ -128,5 +129,9 @@ export class EAPPacketHandler implements IPacketHandler {
 			}
 			// silently ignore;
 			return {};
+		} catch (err) {
+			console.error('decoding of (generic) EAP package failed', msg, err);
+			return {};
+		}
 	}
 }
--- a/src/radius/handler/eap/eapMethods/EAP-GTC.ts
+++ b/src/radius/handler/eap/eapMethods/EAP-GTC.ts
@ -37,6 +37,7 @@ export class EAPGTC implements IEAPMethod {
 	): Promise<IPacketHandlerResult> {
 		const username = identity; // this.loginData.get(stateID) as Buffer | undefined;

+		try {
 			const { data } = decodeEAPHeader(msg);

 			const token = this.extractValue(data);
@ -54,5 +55,11 @@ export class EAPGTC implements IEAPMethod {
 				code: success ? PacketResponseCode.AccessAccept : PacketResponseCode.AccessReject,
 				attributes: (success && [['User-Name', username]]) || undefined,
 			};
+		} catch (err) {
+			console.error('decoding of EAP-GTC package failed', msg, err);
+			return {
+				code: PacketResponseCode.AccessReject,
+			};
+		}
 	}
 }
--- a/src/radius/handler/eap/eapMethods/EAP-TTLS.ts
+++ b/src/radius/handler/eap/eapMethods/EAP-TTLS.ts
@ -300,6 +300,7 @@ export class EAPTTLS implements IEAPMethod {
 			return {};
 		}
 		this.lastProcessedIdentifier.set(stateID, identifier);
+		try {
 			const { data } = this.decodeTTLSMessage(msg);

 			// check if no data package is there and we have something in the queue, if so.. empty the queue first
@ -407,6 +408,12 @@ export class EAPTTLS implements IEAPMethod {

 			// send response
 			return responseData; // this.buildEAPTTLSResponse(identifier, 21, 0x00, stateID, encryptedResponseData);
+		} catch (err) {
+			console.error('decoding of EAP-TTLS package failed', msg, err);
+			return {
+				code: PacketResponseCode.AccessReject,
+			};
+		}
 	}

 	private transformAttributesArrayToMap(attributes: [string, Buffer | string][] | undefined) {