From: Jouni Malinen Date: Sat, 10 Oct 2015 15:38:37 +0000 (+0300) Subject: Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding X-Git-Tag: hostap_2_6~1552 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a55c9b4112d009f68203d2cb75fed2a738299e5;p=thirdparty%2Fhostap.git Fix MSCHAP UTF-8 to UCS-2 conversion check for three-byte encoding The utf8_string_len comparison was off by one and ended up accepting a truncated three-byte encoded UTF-8 character at the end of the string if the octet was missing. Since the password string gets null terminated in the configuration, this did not result in reading beyond the buffer, but anyway, it is better to explicitly reject the string rather than try to use an incorrectly encoded UTF-8 string as the password. Signed-off-by: Jouni Malinen --- diff --git a/src/crypto/ms_funcs.c b/src/crypto/ms_funcs.c index 053d203cb..d0d6a96af 100644 --- a/src/crypto/ms_funcs.c +++ b/src/crypto/ms_funcs.c @@ -48,7 +48,7 @@ static int utf8_to_ucs2(const u8 *utf8_string, size_t utf8_string_len, WPA_PUT_LE16(ucs2_buffer + j, ((c & 0x1F) << 6) | (c2 & 0x3F)); j += 2; - } else if (i == utf8_string_len || + } else if (i == utf8_string_len - 1 || j >= ucs2_buffer_size - 1) { /* incomplete surrogate */ return -1;