Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

DPP: Verify that Wrapped Data attribute is the last one in the message

Do not allow any additional attributes to be included after the Wrapped
Data attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
parent
60239f60a6
commit
0c881807b5
1 changed files with 8 additions and 0 deletions
Split View Show Diff Stats
  1. 8 0
      src/common/dpp.c

+ 8 - 0
src/common/dpp.c
View File 

@@ -527,6 +527,7 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len)
 
 int dpp_check_attrs(const u8 *buf, size_t len)
 
 {
 
 	const u8 *pos, *end;
 
+	int wrapped_data = 0;
 
 
 	pos = buf;
 
 	end = buf + len;
 
@@ -544,6 +545,13 @@ int dpp_check_attrs(const u8 *buf, size_t len)
 
 				   "DPP: Truncated message - not enough room for the attribute - dropped");
 
 			return -1;
 
 		}
 
+		if (wrapped_data) {
 
+			wpa_printf(MSG_DEBUG,
 
+				   "DPP: An unexpected attribute included after the Wrapped Data attribute");
 
+			return -1;
 
+		}
 
+		if (id == DPP_ATTR_WRAPPED_DATA)
 
+			wrapped_data = 1;
 
 		pos += alen;
 
 	}