espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-29 18:27:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

SAE: Reject invalid Rejected Groups element in the parser

Browse Source 
There is no need to depend on all uses (i.e., both hostapd and
wpa_supplicant) to verify that the length of the Rejected Groups field
in the Rejected Groups element is valid (i.e., a multiple of two octets)
since the common parser can reject the message when detecting this.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
2024-09-09 18:51:10 +05:30
committed by BOT
parent fbbd0e29e9
commit 46f3eedcef
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
components/wpa_supplicant/src/common/sae.c
View File

@ -2063,6 +2063,12 @@ static int sae_parse_rejected_groups(struct sae_data *sae,
epos++; /* skip ext ID */
len--;
if (len & 1) {
wpa_printf(MSG_DEBUG,
"SAE: Invalid length of the Rejected Groups element payload: %u",
len);
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
wpabuf_free(sae->tmp->peer_rejected_groups);
sae->tmp->peer_rejected_groups = wpabuf_alloc(len);
if (!sae->tmp->peer_rejected_groups)