diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index e3daee2c9..7937b8120 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -536,10 +536,13 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN + (rx_id ? 3 + os_strlen(rx_id) : 0));
- if (buf == NULL)
- return NULL;
- sae_write_commit(sta->sae, buf, sta->sae->tmp ?
- sta->sae->tmp->anti_clogging_token : NULL, rx_id);
+ if (buf &&
+ sae_write_commit(sta->sae, buf, sta->sae->tmp ?
+ sta->sae->tmp->anti_clogging_token : NULL,
+ rx_id) < 0) {
+ wpabuf_free(buf);
+ buf = NULL;
+ }
 return buf;
 }
diff --git a/src/common/common_module_tests.c b/src/common/common_module_tests.c
index 7694c96b4..a58bf666a 100644
--- a/src/common/common_module_tests.c
+++ b/src/common/common_module_tests.c
@@ -434,7 +434,8 @@ static int sae_tests(void)
 goto fail;
 /* Check that output matches the test vector */
- sae_write_commit(&sae, buf, NULL, pwid);
+ if (sae_write_commit(&sae, buf, NULL, pwid) < 0)
+ goto fail;
 wpa_hexdump_buf(MSG_DEBUG, "SAE: Commit message", buf);
 if (wpabuf_len(buf) != sizeof(local_commit) ||
diff --git a/src/common/sae.c b/src/common/sae.c
index 7ed53be1c..543640de3 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -1623,13 +1623,13 @@ int sae_process_commit(struct sae_data *sae)
 }
-void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
- const struct wpabuf *token, const char *identifier)
+int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
+ const struct wpabuf *token, const char *identifier)
 {
 u8 *pos;
 if (sae->tmp == NULL)
- return;
+ return -1;
 wpabuf_put_le16(buf, sae->group); /* Finite Cyclic Group */
 if (!sae->tmp->h2e && token) {
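Review bot: In auth_build_sae_commit() (src/ap/ieee802_11.c) the new failure branch frees the buffer and returns NULL without logging anything, so a failed scalar or element conversion looks exactly like a wpabuf_alloc() failure in the debug log. The `return -1` paths added to sae_write_commit() in this commit do not log either, so an SAE authentication that stops here leaves no trace of the reason. Consider adding `wpa_printf(MSG_DEBUG, "SAE: Failed to write commit message");` inside the new block before `wpabuf_free(buf);`; the same applies to the matching branch in wpa_supplicant/sme.c. The function body starts outside the hunk.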
@@ -1638,23 +1638,27 @@ void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
 wpabuf_head(token), wpabuf_len(token));
 }
 pos = wpabuf_put(buf, sae->tmp->prime_len);
- crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos,
- sae->tmp->prime_len, sae->tmp->prime_len);
+ if (crypto_bignum_to_bin(sae->tmp->own_commit_scalar, pos,
+ sae->tmp->prime_len, sae->tmp->prime_len) < 0)
+ return -1;
 wpa_hexdump(MSG_DEBUG, "SAE: own commit-scalar", pos, sae->tmp->prime_len);
 if (sae->tmp->ec) {
 pos = wpabuf_put(buf, 2 * sae->tmp->prime_len);
- crypto_ec_point_to_bin(sae->tmp->ec,
- sae->tmp->own_commit_element_ecc,
- pos, pos + sae->tmp->prime_len);
+ if (crypto_ec_point_to_bin(sae->tmp->ec,
+ sae->tmp->own_commit_element_ecc,
+ pos, pos + sae->tmp->prime_len) < 0)
+ return -1;
 wpa_hexdump(MSG_DEBUG, "SAE: own commit-element(x)", pos, sae->tmp->prime_len);
 wpa_hexdump(MSG_DEBUG, "SAE: own commit-element(y)", pos + sae->tmp->prime_len, sae->tmp->prime_len);
 } else {
 pos = wpabuf_put(buf, sae->tmp->prime_len);
- crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos,
- sae->tmp->prime_len, sae->tmp->prime_len);
+ if (crypto_bignum_to_bin(sae->tmp->own_commit_element_ffc, pos,
+ sae->tmp->prime_len,
+ sae->tmp->prime_len) < 0)
+ return -1;
 wpa_hexdump(MSG_DEBUG, "SAE: own commit-element", pos, sae->tmp->prime_len);
 }
@@ -1688,6 +1692,8 @@ void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
 "SAE: Anti-clogging token (in container)", token);
 }
+
+ return 0;
 }
diff --git a/src/common/sae.h b/src/common/sae.h
index e3e7d0eec..7966d70e4 100644
--- a/src/common/sae.h
+++ b/src/common/sae.h
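Review bot: The three new `return -1` paths in sae_write_commit() (src/common/sae.c) leave `buf` partially filled, because the group field, any token and the bytes reserved by `wpabuf_put()` are already appended when a conversion fails. The callers changed in this commit stop using the buffer on failure, but that contract is not written down, and since the function used to return void, any caller outside this diff that ignores the result still compiles. I would document it above the definition, for example `/* Returns 0 on success, -1 on failure; on failure buf holds an incomplete commit message and must be discarded, never sent */`. The function starts before and ends after this hunk.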
@@ -88,8 +88,8 @@ int sae_prepare_commit_pt(struct sae_data *sae, const struct sae_pt *pt,
 const u8 *addr1, const u8 *addr2, int *rejected_groups);
 int sae_process_commit(struct sae_data *sae);
-void sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
- const struct wpabuf *token, const char *identifier);
+int sae_write_commit(struct sae_data *sae, struct wpabuf *buf,
+ const struct wpabuf *token, const char *identifier);
 u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len, const u8 **token, size_t *token_len, int *allowed_groups, int h2e);
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index d0088f9f4..aa59f151a 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -182,8 +182,11 @@ reuse_data:
 wpabuf_put_le16(buf, use_pt ? WLAN_STATUS_SAE_HASH_TO_ELEMENT : WLAN_STATUS_SUCCESS);
 }
- sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
- ssid->sae_password_id);
+ if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
+ ssid->sae_password_id) < 0) {
+ wpabuf_free(buf);
+ return NULL;
+ }
 if (ret_use_pt) *ret_use_pt = use_pt;