diff options
| author | Jouni Malinen <j@w1.fi> | 2015-05-02 19:26:28 +0300 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-05-31 16:06:17 -0700 |
| commit | 7fcbd0b0827354a213dc43575bfed8980a32d781 (patch) | |
| tree | 1bb8873f6942086e768c2d8f4962cd92c5de7d68 | |
| parent | 803f4d734eddebf95cd306e7a6e94ba62e36fcb9 (diff) | |
| download | android_external_wpa_supplicant_8-7fcbd0b0827354a213dc43575bfed8980a32d781.tar.gz android_external_wpa_supplicant_8-7fcbd0b0827354a213dc43575bfed8980a32d781.tar.bz2 android_external_wpa_supplicant_8-7fcbd0b0827354a213dc43575bfed8980a32d781.zip | |
EAP-pwd peer: Fix asymmetric fragmentation behavior.
The L (Length) and M (More) flags needs to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.
CRs-Fixed: 833592
Git-commit: 28a069a545b06b99eb55ad53f63f2c99e65a98f6
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <j@w1.fi>
Change-Id: I29254a57c259c492f061a62657981f36bee8ca59
| -rw-r--r-- | src/eap_peer/eap_pwd.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c index 4642527c..ac0db995 100644 --- a/src/eap_peer/eap_pwd.c +++ b/src/eap_peer/eap_pwd.c @@ -914,6 +914,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, /* * we have output! Do we need to fragment it? */ + lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch); len = wpabuf_len(data->outbuf); if ((len + EAP_PWD_HDR_SIZE) > data->mtu) { resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu, |