16accb6b24
- 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 9716bf1160beb677e965d9e6475d6c9e162e8374 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <j@w1.fi>
|
|
Date: Tue, 9 Jul 2024 23:34:34 +0300
|
|
Subject: [PATCH 3/3] SAE: Reject invalid Rejected Groups element in the parser
|
|
|
|
There is no need to depend on all uses (i.e., both hostapd and
|
|
wpa_supplicant) to verify that the length of the Rejected Groups field
|
|
in the Rejected Groups element is valid (i.e., a multiple of two octets)
|
|
since the common parser can reject the message when detecting this.
|
|
|
|
Signed-off-by: Jouni Malinen <j@w1.fi>
|
|
|
|
Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/?id=9716bf1160beb677e965d9e6475d6c9e162e8374]
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
src/common/sae.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/src/common/sae.c b/src/common/sae.c
|
|
index c0f154e91..620bdf753 100644
|
|
--- a/src/common/sae.c
|
|
+++ b/src/common/sae.c
|
|
@@ -2076,6 +2076,12 @@ static int sae_parse_rejected_groups(struct sae_data *sae,
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
epos++; /* skip ext ID */
|
|
len--;
|
|
+ if (len & 1) {
|
|
+ wpa_printf(MSG_DEBUG,
|
|
+ "SAE: Invalid length of the Rejected Groups element payload: %u",
|
|
+ len);
|
|
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
+ }
|
|
|
|
wpabuf_free(sae->tmp->peer_rejected_groups);
|
|
sae->tmp->peer_rejected_groups = wpabuf_alloc(len);
|
|
--
|
|
2.30.2
|
|
|