Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Check hmac_md5() result in radius_msg_verify_msg_auth()

This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where memcmp is used after failed
hmac_md5() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 8 years ago
parent
05dad946b3
commit
38eee0f599
1 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 3 2
      src/radius/radius.c

+ 3 - 2
src/radius/radius.c
View File 

@@ -818,8 +818,9 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
 
 		os_memcpy(msg->hdr->authenticator, req_auth,
 
 			  sizeof(msg->hdr->authenticator));
 
 	}
 
-	hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
 
-		 wpabuf_len(msg->buf), auth);
 
+	if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
 
+		     wpabuf_len(msg->buf), auth) < 0)
 
+		return 1;
 
 	os_memcpy(attr + 1, orig, MD5_MAC_LEN);
 
 	if (req_auth) {
 
 		os_memcpy(msg->hdr->authenticator, orig_authenticator,