jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

mka: Add check for body length when decoding peers

Browse source 
The standard says that the body length must be a multiple of 16B.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This commit is contained in:
Sabrina Dubroca 2016-07-19 11:56:57 +02:00 committed by Jouni Malinen
parent ad19e71e68
commit d68b73cfa5
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/pae/ieee802_1x_kay.c
View file

@ -1000,6 +1000,12 @@ static int ieee802_1x_mka_decode_live_peer_body(
hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
body_len = get_mka_param_body_len(hdr);
if (body_len % 16 != 0) {
wpa_printf(MSG_ERROR,
"KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
body_len);
return -1;
}
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
peer_mi = MKA_HDR_LEN + peer_msg + i;
@ -1054,6 +1060,12 @@ ieee802_1x_mka_decode_potential_peer_body(
hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
body_len = get_mka_param_body_len(hdr);
if (body_len % 16 != 0) {
wpa_printf(MSG_ERROR,
"KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
body_len);
return -1;
}
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
peer_mi = MKA_HDR_LEN + peer_msg + i;