Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

sae: fix length check and commit buffer size 

A length check was still assuming the 256 bit ECC group. This
was updated to scale with the group. The commit buffer was also
not properly sized. This was changed to allow for the largest
ECC group supported.
This commit is contained in:
James Prestwood 2019-02-01 14:34:04 -08:00 committed by Denis Kenzior
parent 2e5099a716
commit bc9e70f9cd
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/sae.c
View File

@ -435,7 +435,8 @@ static void sae_process_commit(struct sae_sm *sm, const uint8_t *from,
goto reject;
}
if (len < 98) {
/* Scalar + Point + group */
if (len < nbytes + nbytes * 2 + 2) {
l_error("bad packet length");
goto reject;
}
@ -588,8 +589,8 @@ reject:
static void sae_send_commit(struct sae_sm *sm, bool retry)
{
struct handshake_state *hs = sm->handshake;
/* regular commit + possible 256 byte token */
uint8_t commit[358];
/* regular commit + possible 256 byte token + 6 bytes header */
uint8_t commit[L_ECC_SCALAR_MAX_BYTES + L_ECC_POINT_MAX_BYTES + 262];
size_t len;
if (!sae_build_commit(sm, hs->spa, hs->aa, commit, &len, retry))