eapol: Stricter length check in eapol_decrypt_key_data

The plaintext key_data + padding must be at least 16 bytes so the AES-encrypted key_data must be at least 24 bytes.
2024-11-22 23:09:34 +01:00 · 2017-08-31 04:04:49 +02:00 · 2017-08-31 04:04:49 +02:00 · 092ede1147
commit 092ede1147
parent a0cde90814
1 changed files with 1 additions and 1 deletions
--- a/src/eapol.c
+++ b/src/eapol.c
@ -292,7 +292,7 @@ uint8_t *eapol_decrypt_key_data(const uint8_t *kek,
 	}
 	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES:
 	case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES:
-		if (key_data_len < 8 || key_data_len % 8)
+		if (key_data_len < 24 || key_data_len % 8)
 			goto error;

 		if (!aes_unwrap(kek, key_data, key_data_len, buf))