From 4646ee67c0658cb0025be3f4fab2e9d92b059b50 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 22 Jan 2012 21:12:51 +0200
Subject: [PATCH] Reject too short IMSI in EAP-SIM/AKA identity generation

Signed-hostap: Jouni Malinen <j@w1.fi>
---
 src/eap_peer/eap.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 91fa4a9ca..cac85db6c 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -895,6 +895,11 @@ static int eap_sm_imsi_identity(struct eap_sm *sm,
 
 	wpa_hexdump_ascii(MSG_DEBUG, "IMSI", (u8 *) imsi, imsi_len);
 
+	if (imsi_len < 7) {
+		wpa_printf(MSG_WARNING, "Too short IMSI for SIM identity");
+		return -1;
+	}
+
 	for (i = 0; m && (m[i].vendor != EAP_VENDOR_IETF ||
 			  m[i].method != EAP_TYPE_NONE); i++) {
 		if (m[i].vendor == EAP_VENDOR_IETF &&