diff options
| author | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2008-08-25 15:26:15 +0000 |
|---|---|---|
| committer | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2008-08-25 15:26:15 +0000 |
| commit | 3cc1d9e511b14184f70fc029e5cdb82e9eb4d330 (patch) | |
| tree | 1f57d05f4516c88ab79392ea37e592f63c053b8c /epan/crypt | |
| parent | 61f988cec2d6d4dd9d53a072d08553a380073324 (diff) | |
Add another buffer length check to group key decryption.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@26071 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/crypt')
| -rw-r--r-- | epan/crypt/airpdcap.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c index 0ea6b6ce12..241ab4c9d7 100644 --- a/epan/crypt/airpdcap.c +++ b/epan/crypt/airpdcap.c @@ -459,6 +459,7 @@ AirPDcapGetSaPtr( return &ctx->sa[sa_index]; } +#define GROUP_KEY_PAYLOAD_LEN (8+4+sizeof(EAPOL_RSN_KEY)) INT AirPDcapScanForGroupKey( PAIRPDCAP_CONTEXT ctx, const guint8 *data, @@ -487,6 +488,11 @@ INT AirPDcapScanForGroupKey( AIRPDCAP_DEBUG_TRACE_START("AirPDcapScanForGroupKey"); + if (mac_header_len + GROUP_KEY_PAYLOAD_LEN < tot_len) { + AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapScanForGroupKey", "Message too short", AIRPDCAP_DEBUG_LEVEL_3); + return AIRPDCAP_RET_NO_VALID_HANDSHAKE; + } + /* cache offset in the packet data */ offset = mac_header_len; |