mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
wlantest: Avoid heap-overflow on unexpected data
We're doing a sort of bounds check, based on the previous loop, but only after we've already tried to read off the end. This squashes some ASAN errors I'm seeing when running the ap_ft hwsim test module. Signed-off-by: Brian Norris <briannorris@chromium.org>
This commit is contained in:
parent
2caff11d7a
commit
22c06de911
@ -722,8 +722,8 @@ static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
|
||||
}
|
||||
p += 2 + p[1];
|
||||
}
|
||||
if (p && p > decrypted && *p == 0xdd &&
|
||||
p + 1 == decrypted + decrypted_len) {
|
||||
if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
|
||||
*p == 0xdd) {
|
||||
/* Remove padding */
|
||||
p--;
|
||||
plain_len = p - decrypted;
|
||||
|
Loading…
Reference in New Issue
Block a user