From b6ab429402959280446b15d772769c6c6fe2fab9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 5 Jun 2008 21:00:56 +0300 Subject: [PATCH] Read Michael MIC keys through TK2 union instead of offset from TK1 This gets rid of potential warnings about buffer bounds errors. The earlier code works fine, but it is not the cleanest way of using the struct wpa_ptk definition for TK1/TK2. --- src/rsn_supp/peerkey.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rsn_supp/peerkey.c b/src/rsn_supp/peerkey.c index ba5cc1eb0..92ced5b6b 100644 --- a/src/rsn_supp/peerkey.c +++ b/src/rsn_supp/peerkey.c @@ -867,8 +867,8 @@ static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm, if (peerkey->cipher == WPA_CIPHER_TKIP) { /* Swap Tx/Rx keys for Michael MIC */ os_memcpy(key_buf, _key, 16); - os_memcpy(key_buf + 16, _key + 24, 8); - os_memcpy(key_buf + 24, _key + 16, 8); + os_memcpy(key_buf + 16, peerkey->stk.u.auth.rx_mic_key, 8); + os_memcpy(key_buf + 24, peerkey->stk.u.auth.tx_mic_key, 8); _key = key_buf; key_len = 32; } else