author Jouni Malinen <j@w1.fi> 2015-04-19 14:45:33 (GMT)
committer Jouni Malinen <j@w1.fi> 2015-04-22 19:05:12 (GMT)
commit ca68a8b561c48393c8ba25055ce294caaa3ac008 (patch)
tree 159ff4bcb852a0dffa172909df1bfca79e7ae6ce /src/wps
parent 6b94f71dcd16d88845759dad90c13d41675da6e9 (diff)
WPS: Explicitly reject Public Key attribute with unexpected length
There is no need to try to derive DH shared key with a peer that tries to use too short or too long DH Public Key. Previously, such cases ended up implicitly getting rejected by the DH operations failing to produce matching results. That is unnecessary, so simply reject the message completely if it does not have a Public Key with valid length. Accept couple of octets shorter value to be used to avoid interoperability issues if there are implementations that do not use zero-padding properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/wps')
-rw-r--r-- src/wps/wps_attr_parse.c | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index a1330de..11a967b 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -484,6 +484,18 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
attr->dev_name_len = len;
break;
case ATTR_PUBLIC_KEY:
+ /*
+ * The Public Key attribute is supposed to be exactly 192 bytes
+ * in length. Allow couple of bytes shorter one to try to
+ * interoperate with implementations that do not use proper
+ * zero-padding.
+ */
+ if (len < 190 || len > 192) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Ignore Public Key with unexpected length %u",
+ len);
+ break;
+ }
attr->public_key = pos;
attr->public_key_len = len;
break;
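Review bot: The out-of-range branch under case ATTR_PUBLIC_KEY ends with break, so the attribute is skipped and attr->public_key stays unset rather than wps_set_attr() reporting a failure. The commit message promises that the message is rejected completely, which therefore depends on every caller treating a missing Public Key as fatal; the debug text also says "Ignore", not "reject". Either return an error from this branch, or extend the comment to say that rejection happens in the callers through the missing-attribute check, so a later caller that treats the attribute as optional does not silently accept the message. Two smaller points: 190 and 192 would read better as a named constant for the expected key length plus a named tolerance, and since 190- and 191-byte values are still accepted, the comment should state that consumers of attr->public_key_len must handle a value shorter than 192.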