EAP-SIM/AKA: Fix check for anonymous decorated identity
eap_sim_anonymous_username() gets called with an argument that is not a
null terminated C string and as such, os_strrchr() and os_strlen()
cannot be used with it. The previous implementation resulted in use of
uninitialized values and a potential read beyond the end of the buffer.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32277
Fixes: 73d9891bd7
("EAP-SIM/AKA peer: Support decorated anonymous identity prefix")
Signed-off-by: Jouni Malinen <j@w1.fi>
master
parent
512d973cc2
commit
3ae18d4bd7
Loading…
Reference in New Issue