3:32 p.m.
Since l_malloc is used the frame contents are not zero'ed automatically
which could result in random bytes being present in the frame which were
expected to be zero. This poses a problem when calculating the MIC as the
crypto operations are done on the entire frame with the expectation of
the MIC being zero.
---
src/eapol.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/eapol.c b/src/eapol.c
index 9f397d1d..e2c99991 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -706,7 +706,7 @@ static struct eapol_key *eapol_create_common(
struct eapol_key *out_frame = l_malloc(to_alloc + extra_len +
extra_key_len);
- memset(out_frame, 0, to_alloc + extra_len);
+ memset(out_frame, 0, to_alloc + extra_len + extra_key_len);
out_frame->header.protocol_version = protocol;
out_frame->header.packet_type = 0x3;
--
2.34.1
3:35 p.m.
Hi James,
On 3/28/22 17:32, James Prestwood wrote:
Since l_malloc is used the frame contents are not zero'ed
automatically
which could result in random bytes being present in the frame which were
expected to be zero. This poses a problem when calculating the MIC as the
crypto operations are done on the entire frame with the expectation of
the MIC being zero.
---
src/eapol.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Applied, thanks.
Regards,
-Denis
135
days inactive
135
days old
1 comments
2 participants
participants (2)
-
Denis Kenzior -
James Prestwood