Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-02-16 23:40:43 +01:00
Code Releases Activity

eap-mschapv2: Check Password-Hash exists when loading settings

Browse Source 
Caught by static analysis, the Password-Hash was never validated so
it could end up memcpying from a NULL pointer.
This commit is contained in:
James Prestwood 2024-03-01 11:40:54 -08:00 committed by Denis Kenzior
parent 795f57e816
commit eb3345b51b
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/eap-mschapv2.c
View File

@ -531,6 +531,9 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap,
snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix); snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix);
hash = l_settings_get_bytes(settings, "Security", setting, hash = l_settings_get_bytes(settings, "Security", setting,
&hash_len); &hash_len);
if (!hash)
goto error;
memcpy(state->password_hash, hash, 16); memcpy(state->password_hash, hash, 16);
explicit_bzero(hash, 16); explicit_bzero(hash, 16);
l_free(hash); l_free(hash);