ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #13618 from felipeLeast/invalid_memory 

nanostack: fix invalid memory access on memcpy
pull/13666/head
Martin Kojtal 2020-09-21 11:33:17 +01:00 committed by GitHub
parent 75f1381a86 f2ac70318a
commit a7978d41c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
features/nanostack/sal-stack-nanostack/source/Security/protocols/sec_prot_lib.c
View File

@ -373,19 +373,23 @@ uint8_t *sec_prot_lib_message_handle(uint8_t *ptk, uint16_t *kde_len, eapol_pdu_
uint8_t *kde = ns_dyn_mem_temporary_alloc(key_data_len);
*kde_len = key_data_len;
if (eapol_pdu->msg.key.key_information.encrypted_key_data) {
size_t output_len = eapol_pdu->msg.key.key_data_length;
if (nist_aes_key_wrap(0, &ptk[KEK_INDEX], 128, key_data, key_data_len, kde, &output_len) < 0 || output_len != (size_t) key_data_len - 8) {
tr_error("Decrypt failed");
ns_dyn_mem_free(kde);
return NULL;
if (kde) {
if (eapol_pdu->msg.key.key_information.encrypted_key_data) {
size_t output_len = eapol_pdu->msg.key.key_data_length;
if (nist_aes_key_wrap(0, &ptk[KEK_INDEX], 128, key_data, key_data_len, kde, &output_len) < 0 || output_len != (size_t) key_data_len - 8) {
tr_error("Decrypt failed");
ns_dyn_mem_free(kde);
return NULL;
}
*kde_len = output_len;
} else {
memcpy(kde, key_data, *kde_len);
}
*kde_len = output_len;
} else {
memcpy(kde, key_data, *kde_len);
return kde;
}
return kde;
return NULL;
}
int8_t sec_prot_lib_gtk_read(uint8_t *kde, uint16_t kde_len, sec_prot_keys_t *sec_keys)