eap-mschapv2: Check Password-Hash exists when loading settings

Caught by static analysis, the Password-Hash was never validated so
it could end up memcpying from a NULL pointer.
James Prestwood 2024-03-01 11:40:54 -08:00 committed by Denis Kenzior
parent 795f57e816
commit eb3345b51b
1 changed files with 3 additions and 0 deletions


@ -531,6 +531,9 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap,
snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix);
hash = l_settings_get_bytes(settings, "Security", setting,
&hash_len);
if (!hash)
goto error;
memcpy(state->password_hash, hash, 16);
explicit_bzero(hash, 16);
l_free(hash);
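Review bot: The added NULL check still leaves `hash_len` unused, so `memcpy(state->password_hash, hash, 16)` and `explicit_bzero(hash, 16)` both assume the buffer returned by `l_settings_get_bytes()` is at least 16 bytes long. If a shorter Password-Hash value can reach this function, the copy reads past the allocation and the wipe writes past it; this may already be ruled out by a length check elsewhere, but none is visible in this hunk. A local length check would make the function safe on its own, and it should wipe and free `hash` before bailing out, since `hash` is only freed after the copy in the visible lines. The body of `eap_mschapv2_load_settings` and its `error` label lie outside the hunk, so confirm the label does not already release `hash`.

```c
	if (!hash)
		goto error;

	/* Reject a hash that is not exactly 16 bytes before copying it. */
	if (hash_len != 16) {
		explicit_bzero(hash, hash_len);
		l_free(hash);
		goto error;
	}
	/* … unchanged: memcpy into state->password_hash, wipe and free of hash … */
```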