Set minimum TLS version fix for v1.0
Check the parameter correctly, and skip processing if the TLS
version is 1.0, no need to initalize wpa_ssid->eap.phase1 to an
empty string, it should be left as NULL.
Bug: 273307153
Test: m
Test: functional test
Change-Id: I696f4919eef2554eb0bb3ca2022eca61176c120e
diff --git a/wpa_supplicant/aidl/sta_network.cpp b/wpa_supplicant/aidl/sta_network.cpp
index 4d816e4..e431a6d 100644
--- a/wpa_supplicant/aidl/sta_network.cpp
+++ b/wpa_supplicant/aidl/sta_network.cpp
@@ -2644,14 +2644,18 @@
ndk::ScopedAStatus StaNetwork::setMinimumTlsVersionEapPhase1ParamInternal(TlsVersion tlsVersion)
{
+ if (tlsVersion < TlsVersion::TLS_V1_0 || tlsVersion > TlsVersion::TLS_V1_3) {
+ return createStatus(SupplicantStatusCode::FAILURE_ARGS_INVALID);
+ }
+ if (tlsVersion == TlsVersion::TLS_V1_0) {
+ // no restriction
+ return ndk::ScopedAStatus::ok();
+ }
struct wpa_ssid *wpa_ssid = retrieveNetworkPtr();
std::string phase1_params;
if (wpa_ssid->eap.phase1 != NULL) {
phase1_params.append(wpa_ssid->eap.phase1);
}
- if (tlsVersion < TlsVersion::TLS_V1_0) {
- return createStatus(SupplicantStatusCode::FAILURE_ARGS_INVALID);
- }
// Fallback to disable lower version TLS cascadingly.
switch (tlsVersion) {
case TlsVersion::TLS_V1_3:
@@ -2663,10 +2667,7 @@
case TlsVersion::TLS_V1_1:
phase1_params.append("tls_disable_tlsv1_0=1");
FALLTHROUGH_INTENDED;
- case TlsVersion::TLS_V1_0:
- FALLTHROUGH_INTENDED;
default:
- // no restriction
break;
}