@@ -460,23 +460,40 @@ static void decode_tunnel_passwords(struct hostapd_data *hapd,
*/
if (passphrase == NULL)
break;
+
+ /*
+ * Passphase should be 8..63 chars (to be hashed with ssid)
+ * or 64 chars hex string (already hashed with ssid)
+ */
+
+ if (passphraselen < 8 || passphraselen > PASSPHRASE_LEN)
+ continue;
+
/*
* passphrase does not contain the NULL termination.
* Add it here as pbkdf2_sha1() requires it.
*/
psk = os_zalloc(sizeof(struct hostapd_sta_wpa_psk_short));
if (psk) {
- if (passphraselen > PASSPHRASE_LEN - 1)
- os_memcpy(psk->passphrase, passphrase,
- PASSPHRASE_LEN - 1);
- else
+ if ((passphraselen == PASSPHRASE_LEN) &&
+ (hexstr2bin(passphrase, psk->psk, PMK_LEN) < 0)) {
+ hostapd_logger(hapd, cache->addr,
+ HOSTAPD_MODULE_RADIUS,
+ HOSTAPD_LEVEL_WARNING,
+ "invalid hex string (%d chars) "
+ "in Tunnel-Password",
+ passphraselen);
+ goto skip;
+ } else if (passphraselen < PASSPHRASE_LEN) {
os_memcpy(psk->passphrase, passphrase,
passphraselen);
- psk->ispassphrase = 1;
+ psk->ispassphrase = 1;
+ }
psk->next = cache->psk;
cache->psk = psk;
psk = NULL;
}
+skip:
os_free(psk);
os_free(passphrase);
}