diff options
| author | Jouni Malinen <j@w1.fi> | 2015-05-01 16:37:45 +0300 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-05-31 16:05:30 -0700 |
| commit | 2f158854ce30b7e7d02027d9abd93e3c9e5da21e (patch) | |
| tree | 02a058e65f2d75506ab3f08effdba3feafb67cb4 /src | |
| parent | d63bdf8648712f808ef0484e08cbb3f794c86294 (diff) | |
| download | android_external_wpa_supplicant_8-2f158854ce30b7e7d02027d9abd93e3c9e5da21e.tar.gz android_external_wpa_supplicant_8-2f158854ce30b7e7d02027d9abd93e3c9e5da21e.tar.bz2 android_external_wpa_supplicant_8-2f158854ce30b7e7d02027d9abd93e3c9e5da21e.zip | |
EAP-pwd peer: Fix payload length validation for Commit and Confirm.
The length of the received Commit and Confirm message payloads was not
checked before reading them. This could result in a buffer read
overflow when processing an invalid message.
Fix this by verifying that the payload is of expected length before
processing it. In addition, enforce correct state transition sequence to
make sure there is no unexpected behavior if receiving a Commit/Confirm
message before the previous exchanges have been completed.
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
CRs-Fixed: 833592
Git-commit: dd2f043c9c43d156494e33d7ce22db96e6ef42c7
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <j@w1.fi>
Change-Id: I864c6514e9f7eaa5e75dfa542057ecc288bb7d07
Diffstat (limited to 'src')
| -rw-r--r-- | src/eap_peer/eap_pwd.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c index 1c915ed4..669d2d2b 100644 --- a/src/eap_peer/eap_pwd.c +++ b/src/eap_peer/eap_pwd.c @@ -301,6 +301,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data, BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL; u16 offset; u8 *ptr, *scalar = NULL, *element = NULL; + size_t prime_len, order_len; + + if (data->state != PWD_Commit_Req) { + ret->ignore = TRUE; + goto fin; + } + + prime_len = BN_num_bytes(data->grp->prime); + order_len = BN_num_bytes(data->grp->order); + + if (payload_len != 2 * prime_len + order_len) { + wpa_printf(MSG_INFO, + "EAP-pwd: Unexpected Commit payload length %u (expected %u)", + (unsigned int) payload_len, + (unsigned int) (2 * prime_len + order_len)); + goto fin; + } if (((data->private_value = BN_new()) == NULL) || ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) || @@ -500,6 +517,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data, u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr; int offset; + if (data->state != PWD_Confirm_Req) { + ret->ignore = TRUE; + goto fin; + } + + if (payload_len != SHA256_MAC_LEN) { + wpa_printf(MSG_INFO, + "EAP-pwd: Unexpected Confirm payload length %u (expected %u)", + (unsigned int) payload_len, SHA256_MAC_LEN); + goto fin; + } + /* * first build up the ciphersuite which is group | random_function | * prf |