mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2025-01-22 03:14:05 +01:00
eap-mschapv2: Fix uninitialized use of memory
When the response structure is generated, not all of the memory was initialized to 0. ==1045== Syscall param socketcall.sendto(msg) points to uninitialised byte(s) ==1045== at 0x5134D52: send (in /lib64/libc-2.25.so) ==1045== by 0x168AB5: l_checksum_update (checksum.c:338) ==1045== by 0x186777: tls_write_mac (tls-record.c:58) ==1045== by 0x1869D1: tls_tx_record_plaintext (tls-record.c:120) ==1045== by 0x186DEA: tls_tx_record (tls-record.c:201) ==1045== by 0x185A3B: l_tls_write (tls.c:2064) ==1045== by 0x14584F: eap_ttls_eap_tx_packet (eap-ttls.c:321) ==1045== by 0x14236C: eap_send_response (eap.c:165) ==1045== by 0x147904: eap_mschapv2_send_response (eap-mschapv2.c:468) ==1045== by 0x147A10: eap_mschapv2_handle_challenge (eap-mschapv2.c:492) ==1045== by 0x147E9A: eap_mschapv2_handle_request (eap-mschapv2.c:615) ==1045== by 0x142693: __eap_handle_request (eap.c:240) ==1045== Address 0x1ffeffe7f9 is on thread 1's stack ==1045== in frame #4, created by tls_tx_record (tls-record.c:177) ==1045== Uninitialised value was created by a stack allocation ==1045== at 0x1477AE: eap_mschapv2_send_response (eap-mschapv2.c:443) ==1045== ==1045== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) ==1045== at 0x5134E3B: sendmsg (in /lib64/libc-2.25.so) ==1045== by 0x17F691: operate_cipher (cipher.c:356) ==1045== by 0x17F9D8: l_cipher_encrypt (cipher.c:446) ==1045== by 0x186BAA: tls_tx_record_plaintext (tls-record.c:152) ==1045== by 0x186DEA: tls_tx_record (tls-record.c:201) ==1045== by 0x185A3B: l_tls_write (tls.c:2064) ==1045== by 0x14584F: eap_ttls_eap_tx_packet (eap-ttls.c:321) ==1045== by 0x14236C: eap_send_response (eap.c:165) ==1045== by 0x147904: eap_mschapv2_send_response (eap-mschapv2.c:468) ==1045== by 0x147A10: eap_mschapv2_handle_challenge (eap-mschapv2.c:492) ==1045== by 0x147E9A: eap_mschapv2_handle_request (eap-mschapv2.c:615) ==1045== by 0x142693: __eap_handle_request (eap.c:240) ==1045== Address 0x1ffeffe7f9 is on thread 1's stack ==1045== in frame #4, created by tls_tx_record (tls-record.c:177) ==1045== Uninitialised value was created by a stack allocation ==1045== at 0x1477AE: eap_mschapv2_send_response (eap-mschapv2.c:443) ==1045==
This commit is contained in:
parent
dc956d4f33
commit
8112806aca
@ -447,6 +447,12 @@ static bool eap_mschapv2_send_response(struct eap_state *eap)
|
||||
(struct mschapv2_response *) (output + 5);
|
||||
bool ret;
|
||||
|
||||
/*
|
||||
* Make sure to initialize the response structure to 0 since
|
||||
* we're not filling in some of the reserved or optional fields
|
||||
*/
|
||||
memset(response, 0, size);
|
||||
|
||||
ret = mschapv2_generate_nt_response(state->password_hash,
|
||||
state->peer_challenge,
|
||||
state->server_challenge,
|
||||
|
Loading…
Reference in New Issue
Block a user