EAP-SIM': Fix AT_KDF parser to avoid infinite loop

Hitting maximum number of AT_KDF attributes could result in an infinite
loop due to the attribute parser not incrementing the current position
properly when skipping the extra KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index e1773bf1ace9fb1fee5eaf7b72405b9d9660ab5b..ae0218589ce61dad3fdae7edf1aac174de515827 100644 (file)
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -893,7 +893,7 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
                        if (attr->kdf_count == EAP_AKA_PRIME_KDF_MAX) {
                                wpa_printf(MSG_DEBUG, "EAP-AKA': Too many "
                                           "AT_KDF attributes - ignore this");
-                               continue;
+                               break;
                        }
                        attr->kdf[attr->kdf_count] = WPA_GET_BE16(apos);
                        attr->kdf_count++;