eapol: Use handshake_util_find_kde
This returns the length of the actual contents, making the code a bit easier to read and avoid the need to mask the KDE value which isn't self-explanatory.
This commit is contained in:
Denis Kenzior
parent
f7b59750d0
commit
46c19b6c6a
32
src/eapol.c
32
src/eapol.c
|
|
@ -1498,13 +1498,14 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sm->handshake->support_ip_allocation) {
|
if (sm->handshake->support_ip_allocation) {
|
||||||
|
size_t len;
|
||||||
const uint8_t *ip_req_kde =
|
const uint8_t *ip_req_kde =
|
||||||
eapol_find_wfa_kde(EAPOL_KEY_DATA(ek, sm->mic_len),
|
handshake_util_find_kde(HANDSHAKE_KDE_IP_ADDRESS_REQ,
|
||||||
|
EAPOL_KEY_DATA(ek, sm->mic_len),
|
||||||
EAPOL_KEY_DATA_LEN(ek, sm->mic_len),
|
EAPOL_KEY_DATA_LEN(ek, sm->mic_len),
|
||||||
HANDSHAKE_KDE_IP_ADDRESS_REQ & 255);
|
&len);
|
||||||
|
|
||||||
if (ip_req_kde &&
|
if (ip_req_kde && (len < 1 || ip_req_kde[0] != 0x01)) {
|
||||||
(ip_req_kde[1] < 5 || ip_req_kde[6] != 0x01)) {
|
|
||||||
l_debug("Invalid IP Address Request KDE in frame 2/4");
|
l_debug("Invalid IP Address Request KDE in frame 2/4");
|
||||||
handshake_failed(sm, MMPDU_REASON_CODE_INVALID_IE);
|
handshake_failed(sm, MMPDU_REASON_CODE_INVALID_IE);
|
||||||
return;
|
return;
|
||||||
|
|
@ -1788,16 +1789,17 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
|
||||||
igtk = NULL;
|
igtk = NULL;
|
||||||
|
|
||||||
if (hs->support_ip_allocation) {
|
if (hs->support_ip_allocation) {
|
||||||
|
size_t len;
|
||||||
const uint8_t *ip_alloc_kde =
|
const uint8_t *ip_alloc_kde =
|
||||||
eapol_find_wfa_kde(decrypted_key_data,
|
handshake_util_find_kde(HANDSHAKE_KDE_IP_ADDRESS_ALLOC,
|
||||||
decrypted_key_data_size,
|
decrypted_key_data,
|
||||||
HANDSHAKE_KDE_IP_ADDRESS_ALLOC & 255);
|
decrypted_key_data_size,
|
||||||
|
&len);
|
||||||
|
|
||||||
if (ip_alloc_kde &&
|
if (ip_alloc_kde && (len < 12 ||
|
||||||
(ip_alloc_kde[1] < 16 ||
|
!eapol_check_ip_mask(ip_alloc_kde + 4,
|
||||||
!eapol_check_ip_mask(ip_alloc_kde + 10,
|
ip_alloc_kde,
|
||||||
ip_alloc_kde + 6,
|
ip_alloc_kde + 8))) {
|
||||||
ip_alloc_kde + 14))) {
|
|
||||||
l_debug("Invalid IP Allocation KDE in frame 3/4");
|
l_debug("Invalid IP Allocation KDE in frame 3/4");
|
||||||
handshake_failed(sm, MMPDU_REASON_CODE_INVALID_IE);
|
handshake_failed(sm, MMPDU_REASON_CODE_INVALID_IE);
|
||||||
return;
|
return;
|
||||||
|
|
@ -1806,9 +1808,9 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
|
||||||
hs->support_ip_allocation = ip_alloc_kde != NULL;
|
hs->support_ip_allocation = ip_alloc_kde != NULL;
|
||||||
|
|
||||||
if (ip_alloc_kde) {
|
if (ip_alloc_kde) {
|
||||||
hs->client_ip_addr = l_get_be32(ip_alloc_kde + 6);
|
hs->client_ip_addr = l_get_be32(ip_alloc_kde);
|
||||||
hs->subnet_mask = l_get_be32(ip_alloc_kde + 10);
|
hs->subnet_mask = l_get_be32(ip_alloc_kde + 4);
|
||||||
hs->go_ip_addr = l_get_be32(ip_alloc_kde + 14);
|
hs->go_ip_addr = l_get_be32(ip_alloc_kde + 8);
|
||||||
} else
|
} else
|
||||||
l_debug("Authenticator ignored our IP Address Request");
|
l_debug("Authenticator ignored our IP Address Request");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue