authorJouni Malinen <jouni@qca.qualcomm.com>2016-05-16 17:04:29 (GMT)
committerJouni Malinen <j@w1.fi>2016-05-16 17:07:53 (GMT)
commit05dad946b39b7da10ac042376eea408e049d45e7 (patch)
tree71cce6e84266578fc5adbeb305030418043dbe3d /src/radius
parentaae125e2cff0fe4da509ab0b0232ba890cf5bb1d (diff)
Check md5_vector() result in radius_msg_verify()
This gets rid of a valgrind warning on uninitialized memory read in the hostapd_oom_wpa2_eap test case where memcmp is used after failed md5_vector() call. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/radius/radius.c b/src/radius/radius.c
index 7bc6f74..97c8de0 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -862,8 +862,8 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr);
addr[3] = secret;
len[3] = secret_len;
- md5_vector(4, addr, len, hash);
- if (os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
+ if (md5_vector(4, addr, len, hash) < 0 ||
+ os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "Response Authenticator invalid!");
return 1;
}
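Review bot: The combined condition at the `md5_vector(4, addr, len, hash) < 0 ||` line reports a failed hash computation with the same "Response Authenticator invalid!" message as a genuine authenticator mismatch, so someone reading the log cannot tell a local failure (the commit message points at an out-of-memory test case) from a response that did not authenticate. Rejecting the message with `return 1` in both cases is the right fail-closed behaviour and the `||` short-circuit keeps `os_memcmp_const()` away from the unwritten `hash` buffer. Consider splitting the check so the failure path has its own message, e.g. `if (md5_vector(4, addr, len, hash) < 0) { wpa_printf(MSG_INFO, "Response Authenticator hash computation failed"); return 1; }` placed before the comparison. radius_msg_verify() starts and ends outside this hunk, so whether its other digest calls check their return value cannot be confirmed from here.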