From 9192f506d32fcb3de912ecc1157ddddeb83276ef Mon Sep 17 00:00:00 2001
From: James Prestwood <james.prestwood@linux.intel.com>
Date: Wed, 10 Apr 2019 11:54:13 -0700
Subject: [PATCH] eap-pwd: check if server point/scalar is valid

Reported-By: Mathy Vanhoef <Mathy.Vanhoef@nyu.edu>
---
 src/eap-pwd.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/eap-pwd.c b/src/eap-pwd.c
index ccdaa704..66a738fb 100644
--- a/src/eap-pwd.c
+++ b/src/eap-pwd.c
@@ -389,10 +389,16 @@ static void eap_pwd_handle_commit(struct eap_state *eap,
 	pwd->element_s = l_ecc_point_from_data(pwd->curve,
 						L_ECC_POINT_TYPE_FULL,
 						pkt, nbytes * 2);
-	if (!pwd->element_s)
-		goto invalid_point;
+	if (!pwd->element_s) {
+		l_error("Server sent invalid Element_S during commit");
+		goto error;
+	}
 
 	pwd->scalar_s = l_ecc_scalar_new(pwd->curve, pkt + nbytes * 2, nbytes);
+	if (!pwd->scalar_s) {
+		l_error("Server sent invalid Scalar_S during commit");
+		goto error;
+	}
 
 	pwd->p_rand = l_ecc_scalar_new_random(pwd->curve);
 	p_mask = l_ecc_scalar_new_random(pwd->curve);
@@ -423,8 +429,6 @@ static void eap_pwd_handle_commit(struct eap_state *eap,
 
 	return;
 
-invalid_point:
-	l_error("invalid point during commit exchange");
 error:
 	eap_method_error(eap);
 }