mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-29 05:39:24 +01:00
eap-pwd: fix buffer overflow for larger groups
The KDF function processes data in 32 byte chunks so for groups which primes are not divisible by 32 bytes, you will get a buffer overflow when copying the last chunk of data. Now l_checksum_get_digest is limited to the bytes remaining in the buffer, or 32, whichever is the smallest.
This commit is contained in:
parent
06ee531749
commit
a983ca0c33
@ -117,7 +117,7 @@ static bool kdf(uint8_t *key, size_t key_len, const char *label,
|
|||||||
if (!l_checksum_updatev(hmac, iov, iov_pos))
|
if (!l_checksum_updatev(hmac, iov, iov_pos))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
l_checksum_get_digest(hmac, out + len, 32);
|
l_checksum_get_digest(hmac, out + len, minsize(olen - len, 32));
|
||||||
l_checksum_free(hmac);
|
l_checksum_free(hmac);
|
||||||
|
|
||||||
len += 32;
|
len += 32;
|
||||||
|
Loading…
Reference in New Issue
Block a user