Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

sae: verify peer element for valid point 

The return from l_ecc_point_from_data was not being checked for NULL,
which would cause a segfault if the peer sent an invalid point.
This adds a check and fails the protocol if p_element is NULL, as the
spec defines.
This commit is contained in:
James Prestwood 2019-01-10 13:43:37 -08:00 committed by Denis Kenzior
parent 48f5a051bc
commit 73dd0602fd
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/sae.c
View File

@ -450,6 +450,10 @@ static void sae_process_commit(struct sae_sm *sm, const uint8_t *from,
sm->p_element = l_ecc_point_from_data(sm->curve, L_ECC_POINT_TYPE_FULL,
ptr, 64);
if (!sm->p_element) {
reason = MMPDU_REASON_CODE_UNSPECIFIED;
goto reject;
}
if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) ||
l_ecc_points_are_equal(sm->p_element, sm->element)) {