Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 17:59:25 +01:00
Code Releases Activity

eap-pwd: fix buffer overflow for larger groups

Browse Source 
The KDF function processes data in 32 byte chunks so for groups which
primes are not divisible by 32 bytes, you will get a buffer overflow
when copying the last chunk of data.

Now l_checksum_get_digest is limited to the bytes remaining in the
buffer, or 32, whichever is the smallest.
This commit is contained in:
James Prestwood 2019-03-18 16:59:37 -07:00 committed by Denis Kenzior
parent 06ee531749
commit a983ca0c33
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/eap-pwd.c
View File

@ -117,7 +117,7 @@ static bool kdf(uint8_t *key, size_t key_len, const char *label,
if (!l_checksum_updatev(hmac, iov, iov_pos))
return false;
l_checksum_get_digest(hmac, out + len, 32);
l_checksum_get_digest(hmac, out + len, minsize(olen - len, 32));
l_checksum_free(hmac);
len += 32;