mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 04:32:37 +01:00
sae: fix potential infinite loop
It was assumed that the hunt-and-peck loop was guarenteed to find a PWE. This was incorrect in terms of kernel support. If a system does not have support for AF_ALG or runs out of file descriptors the KDFs may fail. The loop continued to run if found == false, which is also incorrect because we want to stop after 20 iterations regarless of success. This changes the loop to a for loop so it will always exit after the set number of iterations.
This commit is contained in:
parent
23041a44dd
commit
c985da04ca
10
src/sae.c
10
src/sae.c
@ -251,8 +251,7 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
|
||||
const uint8_t *addr1, const uint8_t *addr2)
|
||||
{
|
||||
bool found = false;
|
||||
uint8_t counter = 1;
|
||||
uint8_t k = 20;
|
||||
uint8_t counter;
|
||||
uint8_t pwd_seed[32];
|
||||
struct l_ecc_scalar *pwd_value;
|
||||
uint8_t random[32];
|
||||
@ -267,7 +266,7 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
|
||||
qr = sae_new_residue(sm->curve, true);
|
||||
qnr = sae_new_residue(sm->curve, false);
|
||||
|
||||
do {
|
||||
for (counter = 1; counter <= 20; counter++) {
|
||||
/* pwd-seed = H(max(addr1, addr2) || min(addr1, addr2),
|
||||
* base || counter)
|
||||
* pwd-value = KDF-256(pwd-seed, "SAE Hunting and Pecking", p)
|
||||
@ -291,10 +290,7 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
|
||||
}
|
||||
|
||||
l_ecc_scalar_free(pwd_value);
|
||||
|
||||
counter++;
|
||||
|
||||
} while ((counter <= k) || (found == false));
|
||||
}
|
||||
|
||||
l_ecc_scalar_free(qr);
|
||||
l_ecc_scalar_free(qnr);
|
||||
|
Loading…
Reference in New Issue
Block a user