sae: Move Commit message length validation

Instead of verifying commit message length in the sae_process_commit method, verify it in the verification function instead.
2024-12-22 21:22:37 +01:00 · 2021-07-10 16:33:20 -05:00 · 2021-07-10 16:33:20 -05:00 · cb810c12ff
commit cb810c12ff
parent 18ec5589f8
1 changed files with 5 additions and 6 deletions
--- a/src/sae.c
+++ b/src/sae.c
@ -495,12 +495,6 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 		goto reject;
 	}

-	/* Scalar + Point + group */
-	if (len < nbytes + nbytes * 2 + 2) {
-		l_error("bad packet length");
-		goto reject;
-	}
-
 	ptr += 2;

 	sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
@ -860,6 +854,11 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
 			return -EPROTO;
 		}

+		len -= 2;
+
+		if (len < l_ecc_curve_get_scalar_bytes(sm->curve) * 3)
+			return -EBADMSG;
+
 		return 0;
 	default:
 		/*