diff options
| author | Jouni Malinen <jouni@codeaurora.org> | 2019-10-15 12:34:41 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2019-10-15 12:41:13 (GMT) |
| commit | 0b0ed907d19d0cedd02a01804e469abab8c95712 (patch) | |
| tree | 19a00ab6b6a81bdd315eb8dd723203687bac2398 | |
| parent | 8dda97c75812efde6b460f4f312ea616f05816c6 (diff) | |
| download | hostap-pending.zip hostap-pending.tar.gz hostap-pending.tar.bz2 | |
These functions can fail in theory, so verify they succeeded before
comparing the hash values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
| -rw-r--r-- | src/wps/wps_attr_build.c | 9 | ||||
| -rw-r--r-- | src/wps/wps_attr_process.c | 9 |
2 files changed, 11 insertions, 7 deletions
diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c index 4e872f3..5ec7133 100644 --- a/src/wps/wps_attr_build.c +++ b/src/wps/wps_attr_build.c @@ -175,7 +175,9 @@ int wps_build_authenticator(struct wps_data *wps, struct wpabuf *msg) len[0] = wpabuf_len(wps->last_msg); addr[1] = wpabuf_head(msg); len[1] = wpabuf_len(msg); - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash); + if (hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, + hash) < 0) + return -1; wpa_printf(MSG_DEBUG, "WPS: * Authenticator"); wpabuf_put_be16(msg, ATTR_AUTHENTICATOR); @@ -371,8 +373,9 @@ int wps_build_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg) u8 hash[SHA256_MAC_LEN]; wpa_printf(MSG_DEBUG, "WPS: * Key Wrap Authenticator"); - hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg), - wpabuf_len(msg), hash); + if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, wpabuf_head(msg), + wpabuf_len(msg), hash) < 0) + return -1; wpabuf_put_be16(msg, ATTR_KEY_WRAP_AUTH); wpabuf_put_be16(msg, WPS_KWA_LEN); diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c index e8c4579..44436a4 100644 --- a/src/wps/wps_attr_process.c +++ b/src/wps/wps_attr_process.c @@ -39,9 +39,10 @@ int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator, len[0] = wpabuf_len(wps->last_msg); addr[1] = wpabuf_head(msg); len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN; - hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash); - if (os_memcmp_const(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) { + if (hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, + hash) < 0 || + os_memcmp_const(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator"); return -1; } @@ -70,8 +71,8 @@ int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg, return -1; } - hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash); - if (os_memcmp_const(hash, key_wrap_auth, WPS_KWA_LEN) != 0) { + if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash) < 0 || + os_memcmp_const(hash, key_wrap_auth, WPS_KWA_LEN) != 0) { wpa_printf(MSG_DEBUG, "WPS: Invalid KWA"); return -1; } |