From cb810c12ff11cf348c38e390f3581f90d21af319 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Sat, 10 Jul 2021 16:33:20 -0500
Subject: [PATCH] sae: Move Commit message length validation

Instead of verifying commit message length in the sae_process_commit method, verify it in the verification function instead.
---
 src/sae.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/sae.c b/src/sae.c
index eff50977..d80fd506 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -495,12 +495,6 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 goto reject;
 }
- /* Scalar + Point + group */
- if (len < nbytes + nbytes * 2 + 2) {
- l_error("bad packet length");
- goto reject;
- }
-
 ptr += 2;
 sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
@@ -860,6 +854,11 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
 return -EPROTO;
 }
+ len -= 2;
+
+ if (len < l_ecc_curve_get_scalar_bytes(sm->curve) * 3)
+ return -EBADMSG;
+
 return 0;
 default:
 /*
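Review bot: `len -= 2;` in sae_verify_committed is only safe if an earlier check, outside this hunk, already guarantees `len >= 2`; if `len` is an unsigned type and that guard is absent, a one-byte body would wrap to a very large value and pass the `len < ... * 3` test. Since `return 0;` follows and `len` is not used again in the visible lines, comparing without subtracting removes that dependency: `if (len < 2 + l_ecc_curve_get_scalar_bytes(sm->curve) * 3) return -EBADMSG;`. With the check removed from sae_process_commit in the first hunk, the `l_ecc_scalar_new(sm->curve, ptr, nbytes)` read there now depends on every path into it having run the verify step first, so a comment at `ptr += 2;` such as `/* frame length already validated by sae_verify_committed() */` would keep that precondition visible. The new failure path also drops the `l_error("bad packet length")` log line, which makes malformed Commit frames harder to spot in logs. Both functions continue outside the hunks, and whether `nbytes` equals the scalar size used in the new check cannot be confirmed from this diff.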