Message ID | 20170509190449.7947-1-jaap.keuter@xs4all.nl |
---|---|
State | Superseded |
Headers | show |
Hi list, Any comment on this patch? Thanks, Jaap > On 9 May 2017, at 21:04, Jaap Keuter <jaap.keuter@xs4all.nl> wrote: > > IEEE802.1X-2010 section 9.3.1 states that the CKN comprises of 1 to 32 > octets, and no further restrictions are placed on it. Therefore change > the code reading the preshared CKN so that these sizes are accepted. > > Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl> > --- > wpa_supplicant/config.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c > index 9ef11d86d..a4ff7f998 100644 > --- a/wpa_supplicant/config.c > +++ b/wpa_supplicant/config.c > @@ -1898,8 +1898,16 @@ static int wpa_config_parse_mka_ckn(const struct parse_data *data, > struct wpa_ssid *ssid, int line, > const char *value) > { > - if (hexstr2bin(value, ssid->mka_ckn, MACSEC_CKN_LEN) || > - value[MACSEC_CKN_LEN * 2] != '\0') { > + size_t ckn_str_len = os_strlen(value); > + > + if (ckn_str_len == 0 || (ckn_str_len & 1) == 1 || > + ckn_str_len > MACSEC_CKN_LEN * 2) { > + wpa_printf(MSG_ERROR, "Line %d: Invalid size MKA-CKN '%s'.", > + line, value); > + return -1; > + } > + > + if (hexstr2bin(value, ssid->mka_ckn, ckn_str_len / 2)) { > wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.", > line, value); > return -1; > -- > 2.11.0 > > > _______________________________________________ > Hostap mailing list > Hostap@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/hostap
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index 9ef11d86d..a4ff7f998 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -1898,8 +1898,16 @@ static int wpa_config_parse_mka_ckn(const struct parse_data *data, struct wpa_ssid *ssid, int line, const char *value) { - if (hexstr2bin(value, ssid->mka_ckn, MACSEC_CKN_LEN) || - value[MACSEC_CKN_LEN * 2] != '\0') { + size_t ckn_str_len = os_strlen(value); + + if (ckn_str_len == 0 || (ckn_str_len & 1) == 1 || + ckn_str_len > MACSEC_CKN_LEN * 2) { + wpa_printf(MSG_ERROR, "Line %d: Invalid size MKA-CKN '%s'.", + line, value); + return -1; + } + + if (hexstr2bin(value, ssid->mka_ckn, ckn_str_len / 2)) { wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.", line, value); return -1;
IEEE802.1X-2010 section 9.3.1 states that the CKN comprises of 1 to 32 octets, and no further restrictions are placed on it. Therefore change the code reading the preshared CKN so that these sizes are accepted. Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl> --- wpa_supplicant/config.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)