aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2013-12-29 13:59:31 (GMT)
committerJouni Malinen <j@w1.fi>2013-12-29 15:18:17 (GMT)
commit4414d9ee95941f50d07189cf59ea7dfcbc401b02 (patch)
treeb59ccd406539bd67c4434b31da8a45989d8d41fc /src
parent2bb9e28336dd2dbd1bf285ef06708e3ea7a0c3fe (diff)
downloadhostap-4414d9ee95941f50d07189cf59ea7dfcbc401b02.zip
hostap-4414d9ee95941f50d07189cf59ea7dfcbc401b02.tar.gz
hostap-4414d9ee95941f50d07189cf59ea7dfcbc401b02.tar.bz2
SAE: Fix ECC element y coordinate validation step
prime_len was added to the start pointer twice and because of this, the actual y coordinate was not verified to be valid. This could also result in reading beyond the buffer in some cases. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src')
-rw-r--r--src/common/sae.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/common/sae.c b/src/common/sae.c
index c806b9f..08bf054 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -802,7 +802,7 @@ static u16 sae_parse_commit_element_ecc(struct sae_data *sae, const u8 *pos,
/* element x and y coordinates < p */
if (os_memcmp(pos, prime, sae->tmp->prime_len) >= 0 ||
- os_memcmp(pos + sae->tmp->prime_len + sae->tmp->prime_len, prime,
+ os_memcmp(pos + sae->tmp->prime_len, prime,
sae->tmp->prime_len) >= 0) {
wpa_printf(MSG_DEBUG, "SAE: Invalid coordinates in peer "
"element");