Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

sae: Move Commit message length validation 

Instead of verifying commit message length in the sae_process_commit
method, verify it in the verification function instead.
This commit is contained in:
Denis Kenzior 2021-07-10 16:33:20 -05:00
parent 18ec5589f8
commit cb810c12ff
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/sae.c
View File

@ -495,12 +495,6 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
goto reject;
}
/* Scalar + Point + group */
if (len < nbytes + nbytes * 2 + 2) {
l_error("bad packet length");
goto reject;
}
ptr += 2;
sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
@ -860,6 +854,11 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
return -EPROTO;
}
len -= 2;
if (len < l_ecc_curve_get_scalar_bytes(sm->curve) * 3)
return -EBADMSG;
return 0;
default:
/*