From: Jouni Malinen <j@w1.fi>
Date: Thu, 28 Feb 2008 01:49:24 +0000 (-0800)
Subject: Enforce non-zero MPPE key length
X-Git-Tag: hostap_0_6_4~143
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=380da72b80f3ea79747d762163d57350dab541b2;p=thirdparty%2Fhostap.git

Enforce non-zero MPPE key length
---

diff --git a/src/radius/radius.c b/src/radius/radius.c
index cc0d6eb67..feaecd4e1 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -803,6 +803,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 	ppos = plain = os_malloc(plen);
 	if (plain == NULL)
 		return NULL;
+	plain[0] = 0;
 
 	while (left > 0) {
 		/* b(1) = MD5(Secret + Request-Authenticator + Salt)
@@ -827,7 +828,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
 		left -= MD5_MAC_LEN;
 	}
 
-	if (plain[0] > plen - 1) {
+	if (plain[0] == 0 || plain[0] > plen - 1) {
 		printf("Failed to decrypt MPPE key\n");
 		os_free(plain);
 		return NULL;