jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Check wpa_supplicant_parse_ies() return value more consistently

Browse source 
Reject messages that fail to be parsed instead of trying to use
partially parsed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2011-12-04 16:40:06 +02:00
parent 78018ae91d
commit d627a9395d
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/rsn_supp/wpa.c
View file

@ -396,7 +396,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
const u8 *_buf = (const u8 *) (key + 1); const u8 *_buf = (const u8 *) (key + 1);
size_t len = WPA_GET_BE16(key->key_data_length); size_t len = WPA_GET_BE16(key->key_data_length);
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len); wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", _buf, len);
wpa_supplicant_parse_ies(_buf, len, &ie); if (wpa_supplicant_parse_ies(_buf, len, &ie) < 0)
goto failed;
if (ie.pmkid) { if (ie.pmkid) {
wpa_hexdump(MSG_DEBUG, "RSN: PMKID from " wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
"Authenticator", ie.pmkid, PMKID_LEN); "Authenticator", ie.pmkid, PMKID_LEN);
@ -1085,7 +1086,8 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
pos = (const u8 *) (key + 1); pos = (const u8 *) (key + 1);
len = WPA_GET_BE16(key->key_data_length); len = WPA_GET_BE16(key->key_data_length);
wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len); wpa_hexdump(MSG_DEBUG, "WPA: IE KeyData", pos, len);
wpa_supplicant_parse_ies(pos, len, &ie); if (wpa_supplicant_parse_ies(pos, len, &ie) < 0)
goto failed;
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: GTK IE in unencrypted key data"); "WPA: GTK IE in unencrypted key data");
@ -1193,7 +1195,8 @@ static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm,
struct wpa_eapol_ie_parse ie; struct wpa_eapol_ie_parse ie;
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen); wpa_hexdump(MSG_DEBUG, "RSN: msg 1/2 key data", keydata, keydatalen);
wpa_supplicant_parse_ies(keydata, keydatalen, &ie); if (wpa_supplicant_parse_ies(keydata, keydatalen, &ie) < 0)
return -1;
if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { if (ie.gtk && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"WPA: GTK IE in unencrypted key data"); "WPA: GTK IE in unencrypted key data");