DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-EKE: Reject too long Prot() data when building a frame

Browse source 
This error case in own buffer lengths being too short was not handled
properly. While this should not really happen since the wpabuf
allocation is made large for the fixed cases that are currently
supported, better make eap_eke_prot() safer if this functionally ever
gets extended with a longer buffer need.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-12-22 00:03:44 +02:00
parent 3b6f3b37b8
commit 13cb0a66d5
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/eap_common/eap_eke_common.c
View file

@ -635,6 +635,7 @@ int eap_eke_prot(struct eap_eke_session *sess,
if (*prot_len < block_size + data_len + pad + icv_len) { if (*prot_len < block_size + data_len + pad + icv_len) {
wpa_printf(MSG_INFO, "EAP-EKE: Not enough room for Prot() data"); wpa_printf(MSG_INFO, "EAP-EKE: Not enough room for Prot() data");
return -1;
} }
pos = prot; pos = prot;