From c985da04caca9cc9f1472718df756c9b73fb6af4 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Thu, 4 Apr 2019 09:03:16 -0700
Subject: [PATCH] sae: fix potential infinite loop
It was assumed that the hunt-and-peck loop was guarenteed to find a PWE. This was incorrect in terms of kernel support. If a system does not have support for AF_ALG or runs out of file descriptors the KDFs may fail. The loop continued to run if found == false, which is also incorrect because we want to stop after 20 iterations regarless of success. This changes the loop to a for loop so it will always exit after the set number of iterations.
---
 src/sae.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/sae.c b/src/sae.c
index cab004bd..b0ebe8e8 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -251,8 +251,7 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
 const uint8_t *addr1, const uint8_t *addr2)
 {
 bool found = false;
- uint8_t counter = 1;
- uint8_t k = 20;
+ uint8_t counter;
 uint8_t pwd_seed[32];
 struct l_ecc_scalar *pwd_value;
 uint8_t random[32];
@@ -267,7 +266,7 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
 qr = sae_new_residue(sm->curve, true);
 qnr = sae_new_residue(sm->curve, false);
- do {
+ for (counter = 1; counter <= 20; counter++) {
 /* pwd-seed = H(max(addr1, addr2) || min(addr1, addr2),
 * base || counter)
 * pwd-value = KDF-256(pwd-seed, "SAE Hunting and Pecking", p)
@@ -291,10 +290,7 @@ static bool sae_compute_pwe(struct sae_sm *sm, char *password,
 }
 l_ecc_scalar_free(pwd_value);
-
- counter++;
-
- } while ((counter <= k) || (found == false));
+ }
 l_ecc_scalar_free(qr);
 l_ecc_scalar_free(qnr);
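Review bot: The loop bound in the second hunk is now a bare `20` once the first hunk drops the named `k`, so the iteration count of the hunting-and-pecking loop is no longer named anywhere; a file-level `enum { SAE_PWE_ITERATIONS = 20 };` (name constructed) and `for (counter = 1; counter <= SAE_PWE_ITERATIONS; counter++) {` would keep it in one place. A short comment above the loop is also worth adding, since the reason for a fixed count lives only in the commit message: `/* Always run every iteration: the loop must not stop early on success so the number of KDF runs does not depend on the password. */` — that timing rationale is the usual one for this construction, so confirm it matches the intent here. Because the loop no longer continues until a PWE is found, whatever follows the third hunk must treat `found == false` as a failure of sae_compute_pwe rather than go on to use an unset result; that tail is outside the hunks. sae_compute_pwe's body continues between and after the hunks.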