authorJouni Malinen <j@w1.fi>2020-03-15 21:24:18 (GMT)
committerJouni Malinen <j@w1.fi>2020-03-15 21:24:18 (GMT)
commita1afa2df8a521bce88f1e0b13dc6650be0e69494 (patch)
tree8da5268d2c3bc7ca7f0df38da94e8285e6a76c34 /src/common
parent094c9cdc7e17666532ec248998d2bf46b09c5f24 (diff)
Remove unnecessary and confusing length check from the PMKID KDE case
wpa_parse_kde_ies(), i.e., the only caller to wpa_parse_generic(), verifies that there is room for KDE Length field and pos[1] (that length) octets of payload in the Key Data buffer. The PMKID KDE case within wpa_parse_generic() was doing an unnecessary separate check for there being room for the Length, OUI, and Data Type fields. This is covered by the check in the calling function with the combination of verifying that pos[1] is large enough to contain RSN_SELECTOR_LEN + PMKID_LEN octets of payload. This is confusing since no other KDE case was checking remaining full buffer room within wpa_parse_generic(). Clean this up by removing the unnecessary check from the PMKID KDE case so that all KDEs are handled consistently. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/common')
-rw-r--r--src/common/wpa_common.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index e8a4a2b..aaeb130 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -2681,12 +2681,10 @@ static int wpa_parse_vendor_specific(const u8 *pos, const u8 *end,
/**
* wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
* @pos: Pointer to the IE header
- * @end: Pointer to the end of the Key Data buffer
* @ie: Pointer to parsed IE data
* Returns: 0 on success, 1 if end mark is found, -1 on failure
*/
-static int wpa_parse_generic(const u8 *pos, const u8 *end,
- struct wpa_eapol_ie_parse *ie)
+static int wpa_parse_generic(const u8 *pos, struct wpa_eapol_ie_parse *ie)
{
if (pos[1] == 0)
return 1;
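Review bot: With the `end` parameter removed, wpa_parse_generic() can no longer bound any read itself, yet the doc comment above the new signature does not state what the caller must have validated before `pos[1]` is dereferenced. According to the commit message, wpa_parse_kde_ies() checks that the Length field and `pos[1]` octets of payload fit in the Key Data buffer; that check is not visible in these hunks, so the precondition should be recorded where the next maintainer will see it, e.g. add ` * The caller must have verified that 2 + pos[1] octets are available at @pos.` after the `@pos` line. The PMKID case in the following hunk relies on the same assumption, since it now tests only `pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN` before reading the selector and setting `ie->pmkid`. The function body continues outside this hunk.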
@@ -2708,8 +2706,7 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end,
return 0;
}
- if (1 + RSN_SELECTOR_LEN < end - pos &&
- pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
+ if (pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
wpa_hexdump(MSG_DEBUG, "WPA: PMKID in EAPOL-Key",
@@ -2895,7 +2892,7 @@ int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
ie->supp_oper_classes_len = pos[1];
}
} else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
- ret = wpa_parse_generic(pos, end, ie);
+ ret = wpa_parse_generic(pos, ie);
if (ret < 0)
break;
if (ret > 0) {