Copy PTK key in its dedicated array, and not at the address of the array

While we are at it, put back some debug logs that were removed in g1439eb6 (otherwise msgbuf is no more initialized) Change-Id: Ie34c4f2e638bc3ee77a0565446de37a15385dc0d Reviewed-on: https://code.wireshark.org/review/8389 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
author: Pascal Quantin <pascal.quantin@gmail.com> 2015-05-10 21:16:47 +0200
committer: Pascal Quantin <pascal.quantin@gmail.com> 2015-05-10 19:48:52 +0000
commit: 040641dc598b4d4873171a6700e202f5e8b8c318 (patch)
tree: 53a46d2980190e46fe56ed743a127a4e22556be0 /epan
parent: 19aaa18b2cf569523a1e29bfc72e0cbc3f9a9d9d (diff)
2 files changed, 20 insertions, 4 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index 5bf4bd63ba..52e0275937 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -494,7 +494,8 @@ static INT AirPDcapScanForKeys(
 
     const EAPOL_RSN_KEY *pEAPKey;
 #ifdef _DEBUG
-    CHAR msgbuf[255];
+#define MSGBUF_LEN 255
+    CHAR msgbuf[MSGBUF_LEN];
 #endif
     AIRPDCAP_DEBUG_TRACE_START("AirPDcapScanForKeys");
 
@@ -578,6 +579,9 @@ static INT AirPDcapScanForKeys(
         /* get STA address */
         if ( (addr=AirPDcapGetStaAddress((const AIRPDCAP_MAC_FRAME_ADDR4 *)(data))) != NULL) {
             memcpy(id.sta, addr, AIRPDCAP_MAC_LEN);
+#ifdef _DEBUG
+            g_snprintf(msgbuf, MSGBUF_LEN, "ST_MAC: %2X.%2X.%2X.%2X.%2X.%2X\t", id.sta[0],id.sta[1],id.sta[2],id.sta[3],id.sta[4],id.sta[5]);
+#endif
             AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapScanForKeys", msgbuf, AIRPDCAP_DEBUG_LEVEL_3);
         } else {
             AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapScanForKeys", "SA not found", AIRPDCAP_DEBUG_LEVEL_5);
@@ -618,7 +622,8 @@ INT AirPDcapPacketProcess(
     int offset = 0;
 
 #ifdef _DEBUG
-    CHAR msgbuf[255];
+#define MSGBUF_LEN 255
+    CHAR msgbuf[MSGBUF_LEN];
 #endif
 
     AIRPDCAP_DEBUG_TRACE_START("AirPDcapPacketProcess");
@@ -649,6 +654,9 @@ INT AirPDcapPacketProcess(
     /* get BSSID */
     if ( (addr=AirPDcapGetBssidAddress((const AIRPDCAP_MAC_FRAME_ADDR4 *)(data))) != NULL) {
         memcpy(id.bssid, addr, AIRPDCAP_MAC_LEN);
+#ifdef _DEBUG
+        g_snprintf(msgbuf, MSGBUF_LEN, "BSSID: %2X.%2X.%2X.%2X.%2X.%2X\t", id.bssid[0],id.bssid[1],id.bssid[2],id.bssid[3],id.bssid[4],id.bssid[5]);
+#endif
         AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", msgbuf, AIRPDCAP_DEBUG_LEVEL_3);
     } else {
         AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", "BSSID not found", AIRPDCAP_DEBUG_LEVEL_5);
@@ -658,6 +666,9 @@ INT AirPDcapPacketProcess(
     /* get STA address */
     if ( (addr=AirPDcapGetStaAddress((const AIRPDCAP_MAC_FRAME_ADDR4 *)(data))) != NULL) {
         memcpy(id.sta, addr, AIRPDCAP_MAC_LEN);
+#ifdef _DEBUG
+        g_snprintf(msgbuf, MSGBUF_LEN, "ST_MAC: %2X.%2X.%2X.%2X.%2X.%2X\t", id.sta[0],id.sta[1],id.sta[2],id.sta[3],id.sta[4],id.sta[5]);
+#endif
         AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", msgbuf, AIRPDCAP_DEBUG_LEVEL_3);
     } else {
         AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", "SA not found", AIRPDCAP_DEBUG_LEVEL_5);
@@ -715,6 +726,11 @@ INT AirPDcapPacketProcess(
                     /* force STA address to broadcast MAC so we load the SA for the groupkey */
                     memcpy(id.sta, broadcast_mac, AIRPDCAP_MAC_LEN);
 
+#ifdef _DEBUG
+                    g_snprintf(msgbuf, MSGBUF_LEN, "ST_MAC: %2X.%2X.%2X.%2X.%2X.%2X\t", id.sta[0],id.sta[1],id.sta[2],id.sta[3],id.sta[4],id.sta[5]);
+                    AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", msgbuf, AIRPDCAP_DEBUG_LEVEL_3);
+#endif
+
                     /* search for a cached Security Association for current BSSID and broadcast MAC */
                     sa = AirPDcapGetSaPtr(ctx, &id);
                     if (sa == NULL){
@@ -1037,7 +1053,7 @@ AirPDcapRsnaMng(
 
     if (key!=NULL) {
         memcpy(key, sa->key, sizeof(AIRPDCAP_KEY_ITEM));
-        memcpy(&(key->KeyData.Wpa.Ptk), sa->wpa.ptk, AIRPDCAP_WPA_PTK_LEN); /* copy the PTK to the key structure for future use by wireshark */
+        memcpy(key->KeyData.Wpa.Ptk, sa->wpa.ptk, AIRPDCAP_WPA_PTK_LEN); /* copy the PTK to the key structure for future use by wireshark */
         if (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_NOT_CCMP)
             key->KeyType=AIRPDCAP_KEY_TYPE_TKIP;
         else if (sa->wpa.key_ver==AIRPDCAP_WPA_KEY_VER_AES_CCMP)
diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c
index a5350b40ed..ca5a047347 100644
--- a/epan/dissectors/packet-ieee80211.c
+++ b/epan/dissectors/packet-ieee80211.c
@@ -17895,7 +17895,7 @@ dissect_ieee80211_common (tvbuff_t *tvb, packet_info *pinfo,
           can_decrypt   = TRUE;
 
           /* Add Key information to packet */
-          bytes_to_hexstr(out_buff, (*&(used_key.KeyData.Wpa.Ptk)+32), AIRPDCAP_TK_LEN); /* TK is stored in PTK at offset 32 bytes and 16 bytes long */
+          bytes_to_hexstr(out_buff, used_key.KeyData.Wpa.Ptk+32, AIRPDCAP_TK_LEN); /* TK is stored in PTK at offset 32 bytes and 16 bytes long */
           out_buff[2*AIRPDCAP_TK_LEN] = '\0';
 
           if (key == 0) { /* encrypted with pairwise key */
author	Pascal Quantin <pascal.quantin@gmail.com>	2015-05-10 21:16:47 +0200
committer	Pascal Quantin <pascal.quantin@gmail.com>	2015-05-10 19:48:52 +0000
commit	040641dc598b4d4873171a6700e202f5e8b8c318 (patch)
tree	53a46d2980190e46fe56ed743a127a4e22556be0 /epan
parent	19aaa18b2cf569523a1e29bfc72e0cbc3f9a9d9d (diff)