MKA: Handle unaligned CKN length

author Michael Braun <michael.braun@fem.tu-ilmenau.de>

Thu, 17 Aug 2017 21:51:58 +0000 (23:51 +0200)

committer Jouni Malinen <j@w1.fi>

Tue, 25 Dec 2018 15:29:15 +0000 (17:29 +0200)
author Michael Braun <michael.braun@fem.tu-ilmenau.de>
Thu, 17 Aug 2017 21:51:58 +0000 (23:51 +0200)
committer Jouni Malinen <j@w1.fi>
Tue, 25 Dec 2018 15:29:15 +0000 (17:29 +0200)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c

index cda23fcab41aa925e7e972ce4d7941cb4fa35db4..b3357c26be01643b5c1bfe1962d902725d707264 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -704,9 +704,10 @@ ieee802_1x_mka_encode_basic_body(
  {
         struct ieee802_1x_mka_basic_body *body;
         struct ieee802_1x_kay *kay = participant->kay;
-       unsigned int length = ieee802_1x_mka_basic_body_length(participant);
+       unsigned int length = sizeof(struct ieee802_1x_mka_basic_body);
  
-       body = wpabuf_put(buf, length);
+       length += participant->ckn.len;
+       body = wpabuf_put(buf, MKA_ALIGN_LENGTH(length));
  
         body->version = kay->mka_version;
         body->priority = kay->actor_priority;
@@ -978,8 +979,8 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
  
         for (pos = mka_msg, left_len = msg_len;
              left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
-            left_len -= body_len + MKA_HDR_LEN,
-                    pos += body_len + MKA_HDR_LEN) {
+            left_len -= MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN,
+                    pos += MKA_ALIGN_LENGTH(body_len) + MKA_HDR_LEN) {
                 hdr = (struct ieee802_1x_mka_hdr *) pos;
                 body_len = get_mka_param_body_len(hdr);
                 body_type = get_mka_param_body_type(hdr);
@@ -1747,7 +1748,7 @@ ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
         left_len = msg_len;
         while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
                 hdr = (struct ieee802_1x_mka_hdr *) pos;
-               body_len = get_mka_param_body_len(hdr);
+               body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
                 body_type = get_mka_param_body_type(hdr);
  
                 if (left_len < (body_len + MKA_HDR_LEN))
@@ -3011,7 +3012,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
  
         /* to skip basic parameter set */
         hdr = (struct ieee802_1x_mka_hdr *) pos;
-       body_len = get_mka_param_body_len(hdr);
+       body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
         pos += body_len + MKA_HDR_LEN;
         left_len -= body_len + MKA_HDR_LEN;
  
@@ -3051,7 +3052,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
              pos += body_len + MKA_HDR_LEN,
                      left_len -= body_len + MKA_HDR_LEN) {
                 hdr = (struct ieee802_1x_mka_hdr *) pos;
-               body_len = get_mka_param_body_len(hdr);
+               body_len = MKA_ALIGN_LENGTH(get_mka_param_body_len(hdr));
                 body_type = get_mka_param_body_type(hdr);
  
                 if (body_type == MKA_ICV_INDICATOR)
author	Michael Braun <michael.braun@fem.tu-ilmenau.de>
	Thu, 17 Aug 2017 21:51:58 +0000 (23:51 +0200)
committer	Jouni Malinen <j@w1.fi>
	Tue, 25 Dec 2018 15:29:15 +0000 (17:29 +0200)