MKA: Handle unaligned CKN length

IEEE Std 802.1X-2010, Figure 11-7 explains that "Parameter set body
length" is exclusive of the suffix padding.

Fix variable length encoding and decoding when CKN length is not a
multiple of 4 bytes.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
Michael Braun 2017-08-17 23:51:58 +02:00 committed by Jouni Malinen
parent f1ac2b8e6a
commit 61127f162a

View file

@ -704,9 +704,10 @@ ieee802_1x_mka_encode_basic_body(
{
struct ieee802_1x_mka_basic_body *body;
struct ieee802_1x_kay *kay = participant->kay;
unsigned int length = ieee802_1x_mka_basic_body_length(participant);
unsigned int length = sizeof(struct ieee802_1x_mka_basic_body);
body = wpabuf_put(buf, length);
length += participant->ckn.len;
body = wpabuf_put(buf, MKA_ALIGN_LENGTH(length));
body->version = kay->mka_version;
body->priority = kay->actor_priority;
@ -978,8 +979,8 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
for (pos = mka_msg, left_len = msg_len;
left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
left_len -= body_len + MKA_HDR_LEN,
pos += body_len + MKA_HDR_LEN) {
left_len -= MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN,
pos += MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr);
@ -1747,7 +1748,7 @@ ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
left_len = msg_len;
while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
body_type = get_mka_param_body_type(hdr);
if (left_len < (body_len + MKA_HDR_LEN))
@ -3011,7 +3012,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
/* to skip basic parameter set */
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
pos += body_len + MKA_HDR_LEN;
left_len -= body_len + MKA_HDR_LEN;
@ -3051,7 +3052,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
pos += body_len + MKA_HDR_LEN,
left_len -= body_len + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
body_type = get_mka_param_body_type(hdr);
if (body_type == MKA_ICV_INDICATOR)