diff options
| author | Mikael Kanstrup <mikael.kanstrup@sony.com> | 2019-03-23 22:15:27 +0100 |
|---|---|---|
| committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2019-04-10 02:20:04 +0000 |
| commit | e64976d33af4d2e93db22cfd47a4ac95e345bc65 (patch) | |
| tree | 50f9689290678414f3940414055aa9e7edf4f9e7 | |
| parent | 4dda4bac178debe04eac081aa23a951e807f6d31 (diff) | |
ieee80211: Fix some coverity scan issues
Fix coverity scan issues:
- Insecure data handling (CID 1444231)
- Unchecked return value (CID 1444234)
Introduced by:
9cf77ec5e1 ieee80211: Support decrypting WPA3-Personal / SAE captures
Change-Id: I8eb581750d2b0519f03f92873433f79409b0386b
Reviewed-on: https://code.wireshark.org/review/32546
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
| -rw-r--r-- | epan/crypt/dot11decrypt.c | 10 | ||||
| -rw-r--r-- | wsutil/wsgcrypt.c | 4 |
2 files changed, 10 insertions, 4 deletions
diff --git a/epan/crypt/dot11decrypt.c b/epan/crypt/dot11decrypt.c index 5395db9638..da84689d43 100644 --- a/epan/crypt/dot11decrypt.c +++ b/epan/crypt/dot11decrypt.c @@ -1450,21 +1450,26 @@ Dot11DecryptWepMng( static int Dot11DecryptGetRsne( const EAPOL_RSN_KEY *pEAPKey, + const guint tot_len, int *group_cipher, int *cipher, int *akm) { - int key_data_len = pntoh16(&pEAPKey->key_data_len); + guint16 key_data_len = pntoh16(&pEAPKey->key_data_len); int offset = 0; int offset_rsne; int i; - int count; + guint16 count; const guint8 *data = ((const guint8 *)pEAPKey) + sizeof(EAPOL_RSN_KEY); #ifdef DOT11DECRYPT_DEBUG #define MSGBUF_LEN 255 CHAR msgbuf[MSGBUF_LEN]; #endif + if (key_data_len + sizeof(EAPOL_RSN_KEY) > tot_len) { + key_data_len = (guint16)(tot_len - sizeof(EAPOL_RSN_KEY)); + } + while (offset < key_data_len - 2) { guint8 element_id = data[offset]; guint8 length = data[offset + 1]; @@ -1677,6 +1682,7 @@ Dot11DecryptRsna4WHandshake( /* PTK derivation is based on Authentication Key Management Type */ int _U_ group_cipher = -1; Dot11DecryptGetRsne((const EAPOL_RSN_KEY *)(data + offset - 1), + tot_len - (offset - 1), &group_cipher, &cipher, &akm); } diff --git a/wsutil/wsgcrypt.c b/wsutil/wsgcrypt.c index 41d8d1d535..eea3f8b176 100644 --- a/wsutil/wsgcrypt.c +++ b/wsutil/wsgcrypt.c @@ -45,9 +45,9 @@ gcry_error_t ws_cmac_buffer(int algo, void *digest, const void *buffer, size_t l return result; } gcry_mac_write(cmac_handle, buffer, length); - gcry_mac_read(cmac_handle, digest, &keylen); + result = gcry_mac_read(cmac_handle, digest, &keylen); gcry_mac_close(cmac_handle); - return GPG_ERR_NO_ERROR; + return result; } #else gcry_error_t ws_cmac_buffer(int algo _U_, void *digest _U_, const void *buffer _U_, size_t length _U_, const void *key _U_, size_t keylen _U_) |