|
|
@@ -803,6 +803,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
|
|
|
ppos = plain = os_malloc(plen);
|
|
|
if (plain == NULL)
|
|
|
return NULL;
|
|
|
+ plain[0] = 0;
|
|
|
|
|
|
while (left > 0) {
|
|
|
|
|
|
@@ -827,7 +828,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
|
|
|
left -= MD5_MAC_LEN;
|
|
|
}
|
|
|
|
|
|
- if (plain[0] > plen - 1) {
|
|
|
+ if (plain[0] == 0 || plain[0] > plen - 1) {
|
|
|
printf("Failed to decrypt MPPE key\n");
|
|
|
os_free(plain);
|
|
|
return NULL;
|
Jouni Malinen