jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

wlantest: Avoid heap-overflow on unexpected data

Browse source 
We're doing a sort of bounds check, based on the previous loop, but only
after we've already tried to read off the end.

This squashes some ASAN errors I'm seeing when running the ap_ft hwsim
test module.

Signed-off-by: Brian Norris <briannorris@chromium.org>
This commit is contained in:
Brian Norris 2020-08-19 12:44:46 -07:00 committed by Jouni Malinen
parent 2caff11d7a
commit 22c06de911
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
wlantest/rx_eapol.c
View file

@ -722,8 +722,8 @@ static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
} }
p += 2 + p[1]; p += 2 + p[1];
} }
if (p && p > decrypted && *p == 0xdd && if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
p + 1 == decrypted + decrypted_len) { *p == 0xdd) {
/* Remove padding */ /* Remove padding */
p--; p--;
plain_len = p - decrypted; plain_len = p - decrypted;