Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding

The utf8_string_len comparison was off by one and ended up accepting a
truncated three-byte encoded UTF-8 character at the end of the string if
the octet was missing. Since the password string gets null terminated in
the configuration, this did not result in reading beyond the buffer, but
anyway, it is better to explicitly reject the string rather than try to
use an incorrectly encoded UTF-8 string as the password.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
d79ce4a6ce
commit
5a55c9b411
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/crypto/ms_funcs.c

+ 1 - 1
src/crypto/ms_funcs.c
View File 

@@ -48,7 +48,7 @@ static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len,
 
 				WPA_PUT_LE16(ucs2_buffer + j,
 
 					     ((c & 0x1F) << 6) | (c2 & 0x3F));
 
 				j += 2;
 
-			} else if (i == utf8_string_len ||
 
+			} else if (i == utf8_string_len - 1 ||
 
 				   j >= ucs2_buffer_size - 1) {
 
 				/* incomplete surrogate */
 
 				return -1;