From 6f7743426b4182cfd55ba3e1bde9a7d53cc310d5 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Mon, 28 Mar 2022 15:32:56 -0700 Subject: [PATCH] eapol: zero entire buffer when creating frame Since l_malloc is used the frame contents are not zero'ed automatically which could result in random bytes being present in the frame which were expected to be zero. This poses a problem when calculating the MIC as the crypto operations are done on the entire frame with the expectation of the MIC being zero. Fixes: 83212f9b23d5 ("eapol: change eapol_create_common to support FILS") --- src/eapol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/eapol.c b/src/eapol.c index 9f397d1d..e2c99991 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -706,7 +706,7 @@ static struct eapol_key *eapol_create_common( struct eapol_key *out_frame = l_malloc(to_alloc + extra_len + extra_key_len); - memset(out_frame, 0, to_alloc + extra_len); + memset(out_frame, 0, to_alloc + extra_len + extra_key_len); out_frame->header.protocol_version = protocol; out_frame->header.packet_type = 0x3;