fix(eap): catch decoding errors

This commit is contained in:
simon 2020-06-25 11:17:19 +02:00
parent 6fc7301c60
commit 97ea3fad1d
3 changed files with 203 additions and 184 deletions

View File

@ -3,7 +3,7 @@
import * as NodeCache from 'node-cache';
import debug from 'debug';
import { makeid } from '../../helpers';
import { IPacket, IPacketHandler, IPacketHandlerResult } from '../../types/PacketHandler';
import { IPacket, IPacketHandler, IPacketHandlerResult, PacketResponseCode } from '../../types/PacketHandler';
import { IEAPMethod } from '../../types/EAPMethod';
import { buildEAPResponse, decodeEAPHeader } from './eap/EAPHelper';
@ -34,6 +34,7 @@ export class EAPPacketHandler implements IPacketHandler {
// EAP MESSAGE
const msg = packet.attributes['EAP-Message'] as Buffer;
try {
const { code, type, identifier, data } = decodeEAPHeader(msg);
const currentState = this.eapConnectionStates.get(stateID) as { validMethods: IEAPMethod[] };
@ -128,5 +129,9 @@ export class EAPPacketHandler implements IPacketHandler {
}
// silently ignore;
return {};
} catch (err) {
console.error('decoding of (generic) EAP package failed', msg, err);
return {};
}
}
}

View File

@ -37,6 +37,7 @@ export class EAPGTC implements IEAPMethod {
): Promise<IPacketHandlerResult> {
const username = identity; // this.loginData.get(stateID) as Buffer | undefined;
try {
const { data } = decodeEAPHeader(msg);
const token = this.extractValue(data);
@ -54,5 +55,11 @@ export class EAPGTC implements IEAPMethod {
code: success ? PacketResponseCode.AccessAccept : PacketResponseCode.AccessReject,
attributes: (success && [['User-Name', username]]) || undefined,
};
} catch (err) {
console.error('decoding of EAP-GTC package failed', msg, err);
return {
code: PacketResponseCode.AccessReject,
};
}
}
}

View File

@ -300,6 +300,7 @@ export class EAPTTLS implements IEAPMethod {
return {};
}
this.lastProcessedIdentifier.set(stateID, identifier);
try {
const { data } = this.decodeTTLSMessage(msg);
// check if no data package is there and we have something in the queue, if so.. empty the queue first
@ -407,6 +408,12 @@ export class EAPTTLS implements IEAPMethod {
// send response
return responseData; // this.buildEAPTTLSResponse(identifier, 21, 0x00, stateID, encryptedResponseData);
} catch (err) {
console.error('decoding of EAP-TTLS package failed', msg, err);
return {
code: PacketResponseCode.AccessReject,
};
}
}
private transformAttributesArrayToMap(attributes: [string, Buffer | string][] | undefined) {