PASN: Verify explicitly that elements are present before parsing

Make sure the elements were present before trying to parse them. This
was already done for most cases, but be consistent and check each item
explicitly before use.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index da320bb78b8c32c683a1543a43f3403efd953e20..cadefa8650e3ea6e62abafcc91d5713110fdba19 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2414,7 +2414,7 @@ static int pasn_wd_handle_fils(struct hostapd_data *hapd, struct sta_info *sta,
        }
 
        if (!elems.rsn_ie || !elems.fils_nonce || !elems.fils_nonce ||
-           !elems.wrapped_data) {
+           !elems.wrapped_data || !elems.fils_session) {
                wpa_printf(MSG_DEBUG, "PASN: FILS: Missing IEs");
                return -1;
        }
@@ -2575,7 +2575,8 @@ static void hapd_pasn_update_params(struct hostapd_data *hapd,
                return;
        }
 
-       if (wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
+       if (!elems.rsn_ie ||
+           wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
                                 &rsn_data)) {
                wpa_printf(MSG_DEBUG, "PASN: Failed parsing RNSE");
                return;
@@ -2604,7 +2605,8 @@ static void hapd_pasn_update_params(struct hostapd_data *hapd,
        if (pasn->akmp != WPA_KEY_MGMT_FILS_SHA256 &&
            pasn->akmp != WPA_KEY_MGMT_FILS_SHA384)
                return;
-       if (wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
+       if (!elems.pasn_params ||
+           wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
                                        elems.pasn_params_len + 3,
                                        false, &pasn_params)) {
                wpa_printf(MSG_DEBUG,

diff --git a/src/pasn/pasn_initiator.c b/src/pasn/pasn_initiator.c
index 327516355901c75b48ebd28b5f0387eb067ed110..90733c8cfe1741cea5858a7ec0a863d3596629c9 100644 (file)
--- a/src/pasn/pasn_initiator.c
+++ b/src/pasn/pasn_initiator.c
@@ -1132,6 +1132,11 @@ int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
                goto fail;
        }
 
+       if (!elems.rsn_ie) {
+               wpa_printf(MSG_DEBUG, "PASN: Missing RSNE");
+               goto fail;
+       }
+
        ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
                               &rsn_data);
        if (ret) {

diff --git a/src/pasn/pasn_responder.c b/src/pasn/pasn_responder.c
index cbc9be852ab6c7c3a6b2c82795c5eea68ba793d2..bffff51d991b1be987a9012ff2d06525bc38d28f 100644 (file)
--- a/src/pasn/pasn_responder.c
+++ b/src/pasn/pasn_responder.c
@@ -615,6 +615,12 @@ int handle_auth_pasn_1(struct pasn_data *pasn,
                goto send_resp;
        }
 
+       if (!elems.rsn_ie) {
+               wpa_printf(MSG_DEBUG, "PASN: No RSNE");
+               status = WLAN_STATUS_INVALID_RSNIE;
+               goto send_resp;
+       }
+
        ret = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
                                   &rsn_data);
        if (ret) {