mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2025-01-12 19:32:36 +01:00
eapol: Fix trying to include uninitialized data
If OCI is not used, then the oci array is never initialized. Do not try
to include it in our GTK 2_of_2 message.
Fixes: ad4d639854
("eapol: include OCI in GTK 2/2")
parent
24d4790537
commit
80ed3ef5b2
37
src/eapol.c
37
src/eapol.c
@ -1122,6 +1122,20 @@ static inline size_t append_ie(uint8_t *ies, const uint8_t *ie)
|
|||||||
return ie[1] + 2;
|
return ie[1] + 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static size_t append_oci(uint8_t *ies, const struct band_chandef *chandef)
|
||||||
|
{
|
||||||
|
unsigned int len = 0;
|
||||||
|
|
||||||
|
ies[len++] = IE_TYPE_VENDOR_SPECIFIC;
|
||||||
|
ies[len++] = 4 + 3;
|
||||||
|
l_put_be32(HANDSHAKE_KDE_OCI, ies + len);
|
||||||
|
len += 4;
|
||||||
|
oci_from_chandef(chandef, ies + len);
|
||||||
|
len += 3;
|
||||||
|
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
|
static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
|
||||||
const struct eapol_key *ek,
|
const struct eapol_key *ek,
|
||||||
bool unencrypted)
|
bool unencrypted)
|
||||||
@ -1266,14 +1280,8 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
|
|||||||
* dot11RSNAOperatingChannelValidationActivated is true on the
|
* dot11RSNAOperatingChannelValidationActivated is true on the
|
||||||
* Supplicant."
|
* Supplicant."
|
||||||
*/
|
*/
|
||||||
if (sm->handshake->supplicant_ocvc && sm->handshake->chandef) {
|
if (sm->handshake->supplicant_ocvc && sm->handshake->chandef)
|
||||||
ies[ies_len++] = IE_TYPE_VENDOR_SPECIFIC;
|
ies_len += append_oci(ies + ies_len, sm->handshake->chandef);
|
||||||
ies[ies_len++] = 4 + 3;
|
|
||||||
l_put_be32(HANDSHAKE_KDE_OCI, ies + ies_len);
|
|
||||||
ies_len += 4;
|
|
||||||
oci_from_chandef(sm->handshake->chandef, ies + ies_len);
|
|
||||||
ies_len += 3;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 802.11-2020, Section 12.7.6.3:
|
* 802.11-2020, Section 12.7.6.3:
|
||||||
@ -2075,7 +2083,8 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
|
|||||||
uint16_t igtk_key_index;
|
uint16_t igtk_key_index;
|
||||||
const uint8_t *oci = NULL;
|
const uint8_t *oci = NULL;
|
||||||
size_t oci_len;
|
size_t oci_len;
|
||||||
uint8_t oci_out[9];
|
uint8_t ies[1024];
|
||||||
|
size_t ies_len = 0;
|
||||||
|
|
||||||
l_debug("ifindex=%u", hs->ifindex);
|
l_debug("ifindex=%u", hs->ifindex);
|
||||||
|
|
||||||
@ -2143,12 +2152,8 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
|
|||||||
* appears to be a copy-paste from a previous section. Above it has been
|
* appears to be a copy-paste from a previous section. Above it has been
|
||||||
* changed to Supplicant.
|
* changed to Supplicant.
|
||||||
*/
|
*/
|
||||||
if (sm->handshake->supplicant_ocvc && sm->handshake->chandef) {
|
if (sm->handshake->supplicant_ocvc && sm->handshake->chandef)
|
||||||
oci_out[0] = IE_TYPE_VENDOR_SPECIFIC;
|
ies_len += append_oci(ies + ies_len, sm->handshake->chandef);
|
||||||
oci_out[1] = 4 + 3;
|
|
||||||
l_put_be32(HANDSHAKE_KDE_OCI, oci_out + 2);
|
|
||||||
oci_from_chandef(sm->handshake->chandef, oci_out + 6);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 802.11-2016, Section 12.7.7.2:
|
* 802.11-2016, Section 12.7.7.2:
|
||||||
@ -2171,7 +2176,7 @@ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
|
|||||||
step2 = eapol_create_gtk_2_of_2(sm->protocol_version,
|
step2 = eapol_create_gtk_2_of_2(sm->protocol_version,
|
||||||
ek->key_descriptor_version,
|
ek->key_descriptor_version,
|
||||||
sm->replay_counter,
|
sm->replay_counter,
|
||||||
oci_out[1] + 2, oci_out,
|
ies_len, ies,
|
||||||
hs->wpa_ie, ek->wpa_key_id,
|
hs->wpa_ie, ek->wpa_key_id,
|
||||||
sm->mic_len);
|
sm->mic_len);
|
||||||
|
|
||||||
|
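Review bot: The new helper `append_oci()` writes nine bytes at `ies` unconditionally and takes no remaining-space argument, so both call sites depend on the caller's buffer having room at `ies + ies_len`. That clearly holds for the new `uint8_t ies[1024]` in eapol_handle_gtk_1_of_2, but the declaration of `ies` in eapol_handle_ptk_1_of_4 and whatever was appended before this call are outside the visible hunks, so the headroom there should be confirmed. I would state the contract above the helper, for example `/* Appends a 9-byte OCI KDE (2-byte header, 4-byte selector, 3-byte OCI); caller must guarantee 9 free bytes at ies. */`, and declare `len` as `size_t` to match the return type. Separately, when OCV is off, `eapol_create_gtk_2_of_2()` now receives `ies_len == 0` together with a pointer to the uninitialized `ies` array; this is only safe if the callee never reads past the given length, which is not visible on this page.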