MSCHAPv2: Check challenge_hash() failures

In theory, the SHA1 operation may fail (e.g., if SHA1 becomes disallowed in some security policies), so better check the return code from challenge_hash(). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 18:38:11 +03:00 · 2012-08-16 18:38:11 +03:00 · eb4b6fe04d
commit eb4b6fe04d
parent 860a93d5f7
1 changed files with 7 additions and 5 deletions
--- a/src/crypto/ms_funcs.c
+++ b/src/crypto/ms_funcs.c
@ -1,6 +1,6 @@
 /*
 * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
- * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
@ -173,8 +173,9 @@ int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
 	u8 challenge[8];
 	u8 password_hash[16];

-	challenge_hash(peer_challenge, auth_challenge, username, username_len,
-		       challenge);
+	if (challenge_hash(peer_challenge, auth_challenge, username,
+			   username_len, challenge))
+		return -1;
 	if (nt_password_hash(password, password_len, password_hash))
 		return -1;
 	challenge_response(challenge, password_hash, response);
@ -260,8 +261,9 @@ int generate_authenticator_response_pwhash(
 	if (sha1_vector(3, addr1, len1, response))
 		return -1;

-	challenge_hash(peer_challenge, auth_challenge, username, username_len,
-		       challenge);
+	if (challenge_hash(peer_challenge, auth_challenge, username,
+			   username_len, challenge))
+		return -1;
 	return sha1_vector(3, addr2, len2, response);
 }