3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-29 05:39:24 +01:00

eap-pwd: fix buffer overflow for larger groups

The KDF function processes data in 32 byte chunks so for groups which
primes are not divisible by 32 bytes, you will get a buffer overflow
when copying the last chunk of data.

Now l_checksum_get_digest is limited to the bytes remaining in the
buffer, or 32, whichever is the smallest.
This commit is contained in:
James Prestwood 2019-03-18 16:59:37 -07:00 committed by Denis Kenzior
parent 06ee531749
commit a983ca0c33

View File

@ -117,7 +117,7 @@ static bool kdf(uint8_t *key, size_t key_len, const char *label,
if (!l_checksum_updatev(hmac, iov, iov_pos)) if (!l_checksum_updatev(hmac, iov, iov_pos))
return false; return false;
l_checksum_get_digest(hmac, out + len, 32); l_checksum_get_digest(hmac, out + len, minsize(olen - len, 32));
l_checksum_free(hmac); l_checksum_free(hmac);
len += 32; len += 32;