Diffstat (limited to 'contrib/hostapd/wpa.c')
-rw-r--r--contrib/hostapd/wpa.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/contrib/hostapd/wpa.c b/contrib/hostapd/wpa.c
index e357a85..c0948e8 100644
--- a/contrib/hostapd/wpa.c
+++ b/contrib/hostapd/wpa.c
@@ -1416,6 +1416,14 @@ void wpa_receive(struct hostapd_data *hapd, struct sta_info *sta,
key = (struct wpa_eapol_key *) (hdr + 1);
key_info = ntohs(key->key_info);
key_data_length = ntohs(key->key_data_length);
+ if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) {
+ wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - "
+ "key_data overflow (%d > %lu)",
+ key_data_length,
+ (unsigned long) (data_len - sizeof(*hdr) -
+ sizeof(*key)));
+ return;
+ }
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
* are set */
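Review bot: The bound `data_len - sizeof(*hdr) - sizeof(*key)` in the added check is computed in unsigned arithmetic (sizeof yields size_t), so if data_len were smaller than the two headers it would wrap to a very large value and the check would accept any key_data_length. The guard is therefore sound only if wpa_receive has already rejected frames shorter than `sizeof(*hdr) + sizeof(*key)` before this point, which cannot be seen from the hunk because the function body starts and continues outside it. If that earlier check exists, a comment such as `/* data_len >= sizeof(*hdr) + sizeof(*key) was verified above */` would record the dependency; otherwise the condition should begin with `data_len < sizeof(*hdr) + sizeof(*key) ||`. Separately, `%d` in the log message matches key_data_length only if it is declared as an int or a narrower type, and its declaration is also outside the hunk.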