From: Jouni Malinen Date: Tue, 14 Nov 2017 10:50:30 +0000 (+0200) Subject: Reject PMK-to-PTK derivation with unsupported cipher X-Git-Tag: hostap_2_7~859 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d624a0702288b2448191e15ad85a2d8b25dacd9;p=thirdparty%2Fhostap.git Reject PMK-to-PTK derivation with unsupported cipher There should be no wpa_pmk_to_ptk() calls with the cipher argument indicating a cipher that is not allowed as a pairwise cipher. However, it looks like that was possible to happen with wlantest. Check for this corner case explicitly to avoid generating confusing debug logs. Signed-off-by: Jouni Malinen --- diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 4bab6b9c1..853594ad9 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -273,6 +273,12 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label, ptk->kck_len = wpa_kck_len(akmp, pmk_len); ptk->kek_len = wpa_kek_len(akmp, pmk_len); ptk->tk_len = wpa_cipher_key_len(cipher); + if (ptk->tk_len == 0) { + wpa_printf(MSG_ERROR, + "WPA: Unsupported cipher (0x%x) used in PTK derivation", + cipher); + return -1; + } ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len; if (wpa_key_mgmt_sha384(akmp)) {
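Review bot: The early `return -1` in the new `if (ptk->tk_len == 0)` block comes after `ptk->kck_len`, `ptk->kek_len` and `ptk->tk_len` have already been written, so on this error path the caller is left with a partly filled `*ptk` whose `tk_len` is 0. Consider reading `wpa_cipher_key_len(cipher)` into a local and rejecting before any field of `ptk` is assigned, or say in the function comment that the contents of `ptk` are not valid when -1 is returned. The check also relies on `wpa_cipher_key_len()` returning 0 for every value that is not usable as a pairwise cipher; a one-line comment above the `if` stating that assumption would keep the two in step if that helper changes.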