DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

MKA: Handle unaligned CKN length

Browse source 
IEEE Std 802.1X-2010, Figure 11-7 explains that "Parameter set body
length" is exclusive of the suffix padding.

Fix variable length encoding and decoding when CKN length is not a
multiple of 4 bytes.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
Michael Braun 2017-08-17 23:51:58 +02:00 committed by Jouni Malinen
parent f1ac2b8e6a
commit 61127f162a
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/pae/ieee802_1x_kay.c
View file

@ -704,9 +704,10 @@ ieee802_1x_mka_encode_basic_body(
{ {
struct ieee802_1x_mka_basic_body *body; struct ieee802_1x_mka_basic_body *body;
struct ieee802_1x_kay *kay = participant->kay; struct ieee802_1x_kay *kay = participant->kay;
unsigned int length = ieee802_1x_mka_basic_body_length(participant); unsigned int length = sizeof(struct ieee802_1x_mka_basic_body);
body = wpabuf_put(buf, length); length += participant->ckn.len;
body = wpabuf_put(buf, MKA_ALIGN_LENGTH(length));
body->version = kay->mka_version; body->version = kay->mka_version;
body->priority = kay->actor_priority; body->priority = kay->actor_priority;
@ -978,8 +979,8 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
for (pos = mka_msg, left_len = msg_len; for (pos = mka_msg, left_len = msg_len;
left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN; left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
left_len -= body_len + MKA_HDR_LEN, left_len -= MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN,
pos += body_len + MKA_HDR_LEN) { pos += MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos; hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr); body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr); body_type = get_mka_param_body_type(hdr);
@ -1747,7 +1748,7 @@ ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
left_len = msg_len; left_len = msg_len;
while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) { while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
hdr = (struct ieee802_1x_mka_hdr *) pos; hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr); body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
body_type = get_mka_param_body_type(hdr); body_type = get_mka_param_body_type(hdr);
if (left_len < (body_len + MKA_HDR_LEN)) if (left_len < (body_len + MKA_HDR_LEN))
@ -3011,7 +3012,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
/* to skip basic parameter set */ /* to skip basic parameter set */
hdr = (struct ieee802_1x_mka_hdr *) pos; hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr); body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
pos += body_len + MKA_HDR_LEN; pos += body_len + MKA_HDR_LEN;
left_len -= body_len + MKA_HDR_LEN; left_len -= body_len + MKA_HDR_LEN;
@ -3051,7 +3052,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
pos += body_len + MKA_HDR_LEN, pos += body_len + MKA_HDR_LEN,
left_len -= body_len + MKA_HDR_LEN) { left_len -= body_len + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos; hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr); body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
body_type = get_mka_param_body_type(hdr); body_type = get_mka_param_body_type(hdr);
if (body_type == MKA_ICV_INDICATOR) if (body_type == MKA_ICV_INDICATOR)