PeerKey: Clean up EAPOL-Key Key Data processing on AP

This extends the earlier PeerKey station side design to be used on the
AP side as well by passing pointer and already validated length from the
caller rather than parsing the length again from the frame buffer. This
avoids false warnings from static analyzer (CID 62870, CID 62871,
CID 62872).

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/peerkey_auth.c b/src/ap/peerkey_auth.c
index 612babc67e8504236be99f77832c02eb05027e15..efc1d7e4c78f0dcdfa75c90e268e9c3f24ccc6ec 100644 (file)
--- a/src/ap/peerkey_auth.c
+++ b/src/ap/peerkey_auth.c
@@ -79,15 +79,15 @@ static void wpa_smk_send_error(struct wpa_authenticator *wpa_auth,
 
 
 void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
-               struct wpa_state_machine *sm, struct wpa_eapol_key *key)
+               struct wpa_state_machine *sm, struct wpa_eapol_key *key,
+               const u8 *key_data, size_t key_data_len)
 {
        struct wpa_eapol_ie_parse kde;
        struct wpa_stsl_search search;
        u8 *buf, *pos;
        size_t buf_len;
 
-       if (wpa_parse_kde_ies((const u8 *) (key + 1),
-                             WPA_GET_BE16(key->key_data_length), &kde) < 0) {
+       if (wpa_parse_kde_ies(key_data, key_data_len, &kde) < 0) {
                wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M1");
                return;
        }
@@ -253,14 +253,14 @@ static void wpa_send_smk_m5(struct wpa_authenticator *wpa_auth,
 
 
 void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
-               struct wpa_state_machine *sm, struct wpa_eapol_key *key)
+               struct wpa_state_machine *sm, struct wpa_eapol_key *key,
+               const u8 *key_data, size_t key_data_len)
 {
        struct wpa_eapol_ie_parse kde;
        struct wpa_stsl_search search;
        u8 smk[32], buf[ETH_ALEN + 8 + 2 * WPA_NONCE_LEN], *pos;
 
-       if (wpa_parse_kde_ies((const u8 *) (key + 1),
-                             WPA_GET_BE16(key->key_data_length), &kde) < 0) {
+       if (wpa_parse_kde_ies(key_data, key_data_len, &kde) < 0) {
                wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M3");
                return;
        }
@@ -324,15 +324,15 @@ void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
 
 
 void wpa_smk_error(struct wpa_authenticator *wpa_auth,
-                  struct wpa_state_machine *sm, struct wpa_eapol_key *key)
+                  struct wpa_state_machine *sm,
+                  const u8 *key_data, size_t key_data_len)
 {
        struct wpa_eapol_ie_parse kde;
        struct wpa_stsl_search search;
        struct rsn_error_kde error;
        u16 mui, error_type;
 
-       if (wpa_parse_kde_ies((const u8 *) (key + 1),
-                             WPA_GET_BE16(key->key_data_length), &kde) < 0) {
+       if (wpa_parse_kde_ies(key_data, key_data_len, &kde) < 0) {
                wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
                return;
        }

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 286436dccd79b654de85145d64a17456ad4e9b8e..7acd7ae12c0fdafa85cf11dc1df5dbd0ade779d5 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1239,7 +1239,8 @@ continue_processing:
                 */
                if (msg == SMK_ERROR) {
 #ifdef CONFIG_PEERKEY
-                       wpa_smk_error(wpa_auth, sm, key);
+                       wpa_smk_error(wpa_auth, sm, (const u8 *) (key + 1),
+                                     key_data_length);
 #endif /* CONFIG_PEERKEY */
                        return;
                } else if (key_info & WPA_KEY_INFO_ERROR) {
@@ -1254,7 +1255,8 @@ continue_processing:
                        wpa_request_new_ptk(sm);
 #ifdef CONFIG_PEERKEY
                } else if (msg == SMK_M1) {
-                       wpa_smk_m1(wpa_auth, sm, key);
+                       wpa_smk_m1(wpa_auth, sm, key, (const u8 *) (key + 1),
+                                  key_data_length);
 #endif /* CONFIG_PEERKEY */
                } else if (key_data_length > 0 &&
                           wpa_parse_kde_ies((const u8 *) (key + 1),
@@ -1296,7 +1298,8 @@ continue_processing:
 
 #ifdef CONFIG_PEERKEY
        if (msg == SMK_M3) {
-               wpa_smk_m3(wpa_auth, sm, key);
+               wpa_smk_m3(wpa_auth, sm, key, (const u8 *) (key + 1),
+                          key_data_length);
                return;
        }
 #endif /* CONFIG_PEERKEY */

diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 7ce5caf082e258956930245a5df86838e59031c7..478bc955297b84615b0fc7e102af6be862ee90b2 100644 (file)
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -230,11 +230,14 @@ int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
 int wpa_stsl_remove(struct wpa_authenticator *wpa_auth,
                    struct wpa_stsl_negotiation *neg);
 void wpa_smk_error(struct wpa_authenticator *wpa_auth,
-                  struct wpa_state_machine *sm, struct wpa_eapol_key *key);
+                  struct wpa_state_machine *sm,
+                  const u8 *key_data, size_t key_data_len);
 void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
-               struct wpa_state_machine *sm, struct wpa_eapol_key *key);
+               struct wpa_state_machine *sm, struct wpa_eapol_key *key,
+               const u8 *key_data, size_t key_data_len);
 void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
-               struct wpa_state_machine *sm, struct wpa_eapol_key *key);
+               struct wpa_state_machine *sm, struct wpa_eapol_key *key,
+               const u8 *key_data, size_t key_data_len);
 #endif /* CONFIG_PEERKEY */
 
 #ifdef CONFIG_IEEE80211R