From f981ce7298e6cf6fe1480605e53255edaf72dd26 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 29 Nov 2017 21:40:31 +0200
Subject: [PATCH] DPP: Do not continue if public key hash derivation fails sha256_vector() result was ignored apart from printing out the failure in the debug log. This is not really a normal case and it is better to reject the full operation rather than try to continue with an incorrect public key hash value.
Signed-off-by: Jouni Malinen
---
 src/common/dpp.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 6927be08a..d8cb45874 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1352,11 +1352,12 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 addr[0] = wpabuf_head(der);
 len = wpabuf_len(der);
 res = sha256_vector(1, addr, &len, bi->pubkey_hash);
- if (res < 0)
+ if (res < 0) {
 wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
- else
- wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
- SHA256_MAC_LEN);
+ goto fail;
+ }
+ wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
+ SHA256_MAC_LEN);
 base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
 wpabuf_free(der);
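Review bot: The new `goto fail` leaves dpp_keygen() while `der` is still allocated, because `wpabuf_free(der)` is only reached two lines further down on the success path. The `fail` label is outside this hunk, so it is worth confirming that it releases `der`. If it does, the success-path free should read `wpabuf_free(der); der = NULL;` unless that reset already follows below the hunk, since otherwise a later `goto fail` would free the buffer twice. On the failure path `bi->pubkey_hash` may not hold a valid hash, so a short comment above the `goto fail` such as `/* bi->pubkey_hash is not valid here; caller must not reuse bi */` would make the contract explicit for callers.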