EAP-SIM': Fix AT_KDF parser to avoid infinite loop

Hitting maximum number of AT_KDF attributes could result in an infinite
loop due to the attribute parser not incrementing the current position
properly when skipping the extra KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-21 12:18:56 +03:00
parent d8e02214ea
commit f3c6b230dd

View file

@ -893,7 +893,7 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
if (attr->kdf_count == EAP_AKA_PRIME_KDF_MAX) { if (attr->kdf_count == EAP_AKA_PRIME_KDF_MAX) {
wpa_printf(MSG_DEBUG, "EAP-AKA': Too many " wpa_printf(MSG_DEBUG, "EAP-AKA': Too many "
"AT_KDF attributes - ignore this"); "AT_KDF attributes - ignore this");
continue; break;
} }
attr->kdf[attr->kdf_count] = WPA_GET_BE16(apos); attr->kdf[attr->kdf_count] = WPA_GET_BE16(apos);
attr->kdf_count++; attr->kdf_count++;