EAP-pwd peer: Fix asymmetric fragmentation behavior

The L (Length) and M (More) flags need to be cleared before deciding
whether the locally generated response requires fragmentation. This
fixes an issue where these flags from the server could have been invalid
for the following message. In some cases, this could have resulted in
triggering the wpabuf security check that would terminate the process
due to invalid buffer allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
commit
28a069a545
1 changed files with 1 additions and 0 deletions

+ 1 - 0
src/eap_peer/eap_pwd.c

@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
 	/*
 	 * we have output! Do we need to fragment it?
 	 */
+	lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
 	len = wpabuf_len(data->outbuf);
 	if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
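
Review bot: The added `lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);` line sits under the existing "we have output! Do we need to fragment it?" comment with nothing explaining why the variable is masked, and it overwrites the received value in place. Extend that comment to say that the L and M bits carried over from the received message are dropped here, before the `(len + EAP_PWD_HDR_SIZE) > data->mtu` check, so a later reader does not move or remove the line as redundant. Keeping the received byte and the outgoing exchange value in separate variables would also make it harder to reintroduce stale flags if code is inserted above this point.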