diff --git a/lib/EAPBase/src/Method.cpp b/lib/EAPBase/src/Method.cpp index ce33a75..448b52b 100644 --- a/lib/EAPBase/src/Method.cpp +++ b/lib/EAPBase/src/Method.cpp @@ -235,19 +235,19 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet( _In_ DWORD dwReceivedPacketSize) { if (dwReceivedPacketSize < offsetof(EapPacket, Data)) - throw invalid_argument(string_printf(__FUNCTION__ " Incomplete EAP packet header (minimum: %zu, received: %u).", offsetof(EapPacket, Data), dwReceivedPacketSize)); + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete EAP packet header."); auto hdr = reinterpret_cast(pReceivedPacket); // Check packet size. DWORD size_packet = ntohs(*reinterpret_cast(hdr->Length)); if (size_packet > dwReceivedPacketSize) - throw invalid_argument(string_printf(__FUNCTION__ " Incorrect EAP packet length (expected: %u, received: %u).", size_packet, dwReceivedPacketSize)); + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Incorrect EAP packet length (expected: %u, received: %u).", size_packet, dwReceivedPacketSize)); switch (hdr->Code) { case EapCodeRequest: if (dwReceivedPacketSize < sizeof(EapPacket)) - throw invalid_argument(string_printf(__FUNCTION__ " Incomplete EAP packet (minimum: %zu, received: %u).", sizeof(EapPacket), dwReceivedPacketSize)); + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete EAP packet."); // Save request packet ID to make matching response packet in get_response_packet() later. m_id = hdr->Id; @@ -281,7 +281,7 @@ EapPeerMethodResponseAction eap::method_eap::process_request_packet( throw invalid_argument(string_printf(__FUNCTION__ " EAP Failure packet received.")); default: - throw invalid_argument(string_printf(__FUNCTION__ " Unknown EAP packet received (expected: %u, received: %u).", EapCodeRequest, (int)hdr->Code)); + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Unknown EAP packet received (expected: %u, received: %u).", EapCodeRequest, (int)hdr->Code)); } } diff --git a/lib/EAPBase/src/StdAfx.h b/lib/EAPBase/src/StdAfx.h index f5b0965..99e2842 100644 --- a/lib/EAPBase/src/StdAfx.h +++ b/lib/EAPBase/src/StdAfx.h @@ -33,4 +33,6 @@ #include #include +#include +#include // include after Windows.h #include diff --git a/lib/TTLS/src/Method.cpp b/lib/TTLS/src/Method.cpp index 50ce5e9..293fbc4 100644 --- a/lib/TTLS/src/Method.cpp +++ b/lib/TTLS/src/Method.cpp @@ -1,21 +1,21 @@ /* Copyright 2015-2020 Amebis - Copyright 2016 GÉANT + Copyright 2016 GÉANT - This file is part of GÉANTLink. + This file is part of GÉANTLink. - GÉANTLink is free software: you can redistribute it and/or modify it + GÉANTLink is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - GÉANTLink is distributed in the hope that it will be useful, but + GÉANTLink is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with GÉANTLink. If not, see . + along with GÉANTLink. If not, see . */ #include "StdAfx.h" @@ -60,9 +60,11 @@ EapPeerMethodResponseAction eap::method_defrag::process_request_packet( _In_bytecount_(dwReceivedPacketSize) const void *pReceivedPacket, _In_ DWORD dwReceivedPacketSize) { - assert(dwReceivedPacketSize >= 1); // Request packet should contain flags at least. auto data_packet = reinterpret_cast(pReceivedPacket); + if (dwReceivedPacketSize < 1) + throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete packet flags."); + // To prevent version downgrade attacks, negotiate protocol version on binding exchange only. Then stick to it! unsigned char data_version = data_packet[0] & flags_ver_mask; if (m_phase == phase_t::init) {