Validate MAC Address KDE length in the parser

Verify that the MAC Address KDE includes enough data to contain a MAC
address as a part of the parsing function so that each caller would not
need to verify this separately. None of the existing users of this
parser actually needed the MAC address value, so there was not any use
for the length field before. The updated design is more robust for
future uses and gets rid of that unused length field as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-09-05 20:56:49 +03:00 committed by Jouni Malinen
parent 6f8af5974c
commit cd392151c5
2 changed files with 3 additions and 5 deletions

View file

@ -3209,11 +3209,10 @@ static int wpa_parse_generic(const u8 *pos, struct wpa_eapol_ie_parse *ie)
return 0; return 0;
} }
if (left > 2 && selector == RSN_KEY_DATA_MAC_ADDR) { if (left >= ETH_ALEN && selector == RSN_KEY_DATA_MAC_ADDR) {
ie->mac_addr = p; ie->mac_addr = p;
ie->mac_addr_len = left; wpa_printf(MSG_DEBUG, "WPA: MAC Address in EAPOL-Key: " MACSTR,
wpa_hexdump(MSG_DEBUG, "WPA: MAC Address in EAPOL-Key", MAC2STR(ie->mac_addr));
pos, dlen);
return 0; return 0;
} }

View file

@ -573,7 +573,6 @@ struct wpa_eapol_ie_parse {
const u8 *gtk; const u8 *gtk;
size_t gtk_len; size_t gtk_len;
const u8 *mac_addr; const u8 *mac_addr;
size_t mac_addr_len;
const u8 *igtk; const u8 *igtk;
size_t igtk_len; size_t igtk_len;
const u8 *bigtk; const u8 *bigtk;