Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding

The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-10-10 18:38:37 +03:00
parent d79ce4a6ce
commit 5a55c9b411

View file

@ -48,7 +48,7 @@ static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
WPA_PUT_LE16(ucs2_buffer + j, WPA_PUT_LE16(ucs2_buffer + j,
((c & 0x1F) << 6) | (c2 & 0x3F)); ((c & 0x1F) << 6) | (c2 & 0x3F));
j += 2; j += 2;
} else if (i == utf8_string_len || } else if (i == utf8_string_len - 1 ||
j >= ucs2_buffer_size - 1) { j >= ucs2_buffer_size - 1) {
/* incomplete surrogate */ /* incomplete surrogate */
return -1; return -1;