mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
EAP-GPSK: Avoid dead increment by checking pos pointer
Instead of using the pre-calculated length of the buffer, determine the length of used data based on the pos pointer. This avoids a static analyzer warning about dead increment. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
164a453f9b
commit
62493dff1b
@ -284,7 +284,6 @@ int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
|
||||
u8 *pk, size_t *pk_len)
|
||||
{
|
||||
u8 *seed, *pos;
|
||||
size_t seed_len;
|
||||
int ret;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Deriving keys (%d:%d)",
|
||||
@ -296,8 +295,7 @@ int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PSK", psk, psk_len);
|
||||
|
||||
/* Seed = RAND_Peer || ID_Peer || RAND_Server || ID_Server */
|
||||
seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
|
||||
seed = os_malloc(seed_len);
|
||||
seed = os_malloc(2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len);
|
||||
if (seed == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
|
||||
"for key derivation");
|
||||
@ -313,17 +311,18 @@ int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
|
||||
pos += EAP_GPSK_RAND_LEN;
|
||||
os_memcpy(pos, id_server, id_server_len);
|
||||
pos += id_server_len;
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, seed_len);
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, pos - seed);
|
||||
|
||||
switch (specifier) {
|
||||
case EAP_GPSK_CIPHER_AES:
|
||||
ret = eap_gpsk_derive_keys_aes(psk, psk_len, seed, seed_len,
|
||||
ret = eap_gpsk_derive_keys_aes(psk, psk_len, seed, pos - seed,
|
||||
msk, emsk, sk, sk_len,
|
||||
pk, pk_len);
|
||||
break;
|
||||
#ifdef EAP_GPSK_SHA256
|
||||
case EAP_GPSK_CIPHER_SHA256:
|
||||
ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed, seed_len,
|
||||
ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed,
|
||||
pos - seed,
|
||||
msk, emsk, sk, sk_len);
|
||||
break;
|
||||
#endif /* EAP_GPSK_SHA256 */
|
||||
@ -423,7 +422,6 @@ int eap_gpsk_derive_session_id(const u8 *psk, size_t psk_len, int vendor,
|
||||
{
|
||||
u8 *seed, *pos;
|
||||
u8 kdf_out[16];
|
||||
size_t seed_len;
|
||||
int ret;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Deriving Session ID(%d:%d)",
|
||||
@ -441,8 +439,7 @@ int eap_gpsk_derive_session_id(const u8 *psk, size_t psk_len, int vendor,
|
||||
* Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
|
||||
* CSuite_Sel || inputString)
|
||||
*/
|
||||
seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
|
||||
seed = os_malloc(seed_len);
|
||||
seed = os_malloc(2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len);
|
||||
if (seed == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
|
||||
"for Session-Id derivation");
|
||||
@ -458,11 +455,11 @@ int eap_gpsk_derive_session_id(const u8 *psk, size_t psk_len, int vendor,
|
||||
pos += EAP_GPSK_RAND_LEN;
|
||||
os_memcpy(pos, id_server, id_server_len);
|
||||
pos += id_server_len;
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, seed_len);
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, pos - seed);
|
||||
|
||||
ret = eap_gpsk_derive_mid_helper(specifier,
|
||||
kdf_out, sizeof(kdf_out),
|
||||
psk, seed, seed_len,
|
||||
psk, seed, pos - seed,
|
||||
method_type);
|
||||
|
||||
sid[0] = method_type;
|
||||
|
Loading…
Reference in New Issue
Block a user