Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

MACsec: Check os_get_random() return value

This makes the MACsec implementation more consistent with rest of
wpa_supplicant. (CID 72677, CID 72695, CID 72701, CID 72709, CID 72711)

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
93da049851
commit
533d7fb7b7
1 changed files with 18 additions and 7 deletions
Split View Show Diff Stats
  1. 18 7
      src/pae/ieee802_1x_kay.c

+ 18 - 7
src/pae/ieee802_1x_kay.c
View File 

@@ -729,7 +729,8 @@ ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
 
 
 	/* If the peer's MI is my MI, I will choose new MI */
 
 	if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
 
-		os_get_random(participant->mi, sizeof(participant->mi));
 
+		if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
 
+			return NULL;
 
 		participant->mn = 0;
 
 	}
 
 
@@ -1003,8 +1004,10 @@ static int ieee802_1x_mka_decode_live_peer_body(
 
 		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
 
 			/* My message id is used by other participant */
 
 			if (peer_mn > participant->mn) {
 
-				os_get_random(participant->mi,
 
-					      sizeof(participant->mi));
 
+				if (os_get_random(participant->mi,
 
+						  sizeof(participant->mi)) < 0)
 
+					wpa_printf(MSG_DEBUG,
 
+						   "KaY: Could not update mi");
 
 				participant->mn = 0;
 
 			}
 
 			continue;
 
@@ -1054,8 +1057,10 @@ ieee802_1x_mka_decode_potential_peer_body(
 
 		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
 
 			/* My message id is used by other participant */
 
 			if (peer_mn > participant->mn) {
 
-				os_get_random(participant->mi,
 
-					      sizeof(participant->mi));
 
+				if (os_get_random(participant->mi,
 
+						  sizeof(participant->mi)) < 0)
 
+					wpa_printf(MSG_DEBUG,
 
+						   "KaY: Could not update mi");
 
 				participant->mn = 0;
 
 			}
 
 			continue;
 
@@ -1998,7 +2003,12 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
 
 		return -1;
 
 	}
 
 	ctx_offset = 0;
 
-	os_get_random(context + ctx_offset, conf->key_len);
 
+	if (os_get_random(context + ctx_offset, conf->key_len) < 0) {
 
+		os_free(context);
 
+		os_free(conf->key);
 
+		os_free(conf);
 
+		return -1;
 
+	}
 
 	ctx_offset += conf->key_len;
 
 	dl_list_for_each(peer, &participant->live_peers,
 
 			 struct ieee802_1x_kay_peer, list) {
 
@@ -3325,7 +3335,8 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
 
 	participant->retry_count = 0;
 
 	participant->kay = kay;
 
 
-	os_get_random(participant->mi, sizeof(participant->mi));
 
+	if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
 
+		goto fail;
 
 	participant->mn = 0;
 
 
 	participant->lrx = FALSE;