mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-19 03:14:05 -05:00
MKA: Handle unaligned CKN length
IEEE Std 802.1X-2010, Figure 11-7 explains that "Parameter set body length" is exclusive of the suffix padding. Fix variable length encoding and decoding when CKN length is not a multiple of 4 bytes. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
parent
f1ac2b8e6a
commit
61127f162a
@ -704,9 +704,10 @@ ieee802_1x_mka_encode_basic_body(
|
||||
{
|
||||
struct ieee802_1x_mka_basic_body *body;
|
||||
struct ieee802_1x_kay *kay = participant->kay;
|
||||
unsigned int length = ieee802_1x_mka_basic_body_length(participant);
|
||||
unsigned int length = sizeof(struct ieee802_1x_mka_basic_body);
|
||||
|
||||
body = wpabuf_put(buf, length);
|
||||
length += participant->ckn.len;
|
||||
body = wpabuf_put(buf, MKA_ALIGN_LENGTH(length));
|
||||
|
||||
body->version = kay->mka_version;
|
||||
body->priority = kay->actor_priority;
|
||||
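Review bot: The up to three pad bytes that `wpabuf_put(buf, MKA_ALIGN_LENGTH(length))` now reserves after the CKN are not written anywhere in the visible lines, so they keep whatever the buffer held unless it was allocated zeroed. These bytes are transmitted, so I would clear them explicitly after the CKN copy, e.g. `os_memset((u8 *) body + length, 0, MKA_ALIGN_LENGTH(length) - length);`, or add a comment stating that the wpabuf is zero-initialized by its allocator. The function body continues outside the hunk, so the CKN copy and the length-field write are not visible here; confirm the length field is still derived from the unpadded `length`.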
@ -978,8 +979,8 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
|
||||
|
||||
for (pos = mka_msg, left_len = msg_len;
|
||||
left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
|
||||
left_len -= body_len + MKA_HDR_LEN,
|
||||
pos += body_len + MKA_HDR_LEN) {
|
||||
left_len -= MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN,
|
||||
pos += MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) {
|
||||
hdr = (struct ieee802_1x_mka_hdr *) pos;
|
||||
body_len = get_mka_param_body_len(hdr);
|
||||
body_type = get_mka_param_body_type(hdr);
|
||||
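Review bot: The loop increment now subtracts `MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN` from `left_len`, but nothing visible in the hunk checks that this much data remains before the step. `body_len` is read from the received header, so if `left_len` is unsigned, a padded length larger than the remainder would wrap it and move `pos` past the end of the message. A guard right after `body_len` is read and before any `continue`, such as `if (left_len < MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) break;`, would bound the walk. The same applies to the two hunks in ieee802_1x_kay_decode_mkpdu (the basic parameter set skip and the loop after it). The loop body continues outside the hunk, so an existing check may already cover this.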
@ -1747,7 +1748,7 @@ ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
|
||||
left_len = msg_len;
|
||||
while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
|
||||
hdr = (struct ieee802_1x_mka_hdr *) pos;
|
||||
body_len = get_mka_param_body_len(hdr);
|
||||
body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
|
||||
body_type = get_mka_param_body_type(hdr);
|
||||
|
||||
if (left_len < (body_len + MKA_HDR_LEN))
|
||||
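Review bot: `body_len` now holds the padded length here and in ieee802_1x_kay_decode_mkpdu, while in ieee802_1x_mka_i_in_peerlist it keeps the raw header value and the padding is applied only in the loop increment. The same variable name therefore means two different things in one file. A comment at the assignment such as `/* body_len includes the suffix padding from here on */` would make that explicit, or a separate variable could keep the raw length. Any code after the visible `if` that needs the exact on-wire length would have to use the raw value; the loop body continues outside the hunk.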
@ -3011,7 +3012,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
|
||||
|
||||
/* to skip basic parameter set */
|
||||
hdr = (struct ieee802_1x_mka_hdr *) pos;
|
||||
body_len = get_mka_param_body_len(hdr);
|
||||
body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
|
||||
pos += body_len + MKA_HDR_LEN;
|
||||
left_len -= body_len + MKA_HDR_LEN;
|
||||
|
||||
@ -3051,7 +3052,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
|
||||
pos += body_len + MKA_HDR_LEN,
|
||||
left_len -= body_len + MKA_HDR_LEN) {
|
||||
hdr = (struct ieee802_1x_mka_hdr *) pos;
|
||||
body_len = get_mka_param_body_len(hdr);
|
||||
body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
|
||||
body_type = get_mka_param_body_type(hdr);
|
||||
|
||||
if (body_type == MKA_ICV_INDICATOR)
|
||||
|