Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

sae: fix incorrect length adjustment 

The commit/confirm processing was incorrectly subtracting 2 from
the length when they should be subtracting 6. As with the other
similar change, the length is validated with mpdu_validate so
subtracting 6 will not cause an overflow.
This commit is contained in:
James Prestwood 2019-10-21 14:59:17 -07:00 committed by Denis Kenzior
parent 47efe17461
commit 27d698a0c0
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/sae.c
View File

@ -1040,10 +1040,10 @@ static int sae_rx_authenticate(struct auth_proto *ap,
switch (L_LE16_TO_CPU(auth->transaction_sequence)) {
case SAE_STATE_COMMITTED:
return sae_process_commit(sm, hdr->address_2, auth->ies,
len - 2);
len - 6);
case SAE_STATE_CONFIRMED:
return sae_process_confirm(sm, hdr->address_2, auth->ies,
len - 2);
len - 6);
default:
l_error("invalid transaction sequence %u",
L_LE16_TO_CPU(auth->transaction_sequence));