From cbf9f4c642fae8aeed44b64e25ebaf3f37f97e00 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 1 Jan 2013 12:50:27 +0200 Subject: [PATCH] SAE: Fix PWE loop termination on excessive iterations The counter>200 check needs to be done before the continue-on-not-found case to be effective in stopping this loop. Signed-hostap: Jouni Malinen --- src/common/sae.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/common/sae.c b/src/common/sae.c index ff26e9e31..fcca157f2 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -202,6 +202,12 @@ static int sae_derive_pwe(struct sae_data *sae, const u8 *addr1, u8 pwd_seed[SHA256_MAC_LEN]; int res; + if (counter > 200) { + /* This should not happen in practice */ + wpa_printf(MSG_DEBUG, "SAE: Failed to derive PWE"); + break; + } + wpa_printf(MSG_DEBUG, "SAE: counter = %u", counter); if (hmac_sha256_vector(addrs, sizeof(addrs), 2, addr, len, pwd_seed) < 0) @@ -220,12 +226,6 @@ static int sae_derive_pwe(struct sae_data *sae, const u8 *addr1, wpa_printf(MSG_DEBUG, "SAE: Use this PWE"); found = 1; } - - if (counter > 200) { - /* This should not happen in practice */ - wpa_printf(MSG_DEBUG, "SAE: Failed to derive PWE"); - break; - } } crypto_ec_point_deinit(pwe_tmp, 1);