From: Jouni Malinen Date: Mon, 2 Nov 2020 16:46:35 +0000 (+0200) Subject: Avoid undefined behavior with memcpy PMK/PSK update X-Git-Tag: hostap_2_10~784 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9fed5f5b5503f286c2ed34e5fc637776587bcdb;p=thirdparty%2Fhostap.git Avoid undefined behavior with memcpy PMK/PSK update When SAE is used, the local pointer pmk may point to sm->PMK. Skip the memcpy operation in such a case since it is not really needed and use of overlapping memory buffers is undefined behavior for memcpy(). Signed-off-by: Jouni Malinen --- diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 9d74bfcd7..82a97468d 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -3145,7 +3145,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) sm->pending_1_of_4_timeout = 0; eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); - if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) { + if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && sm->PMK != pmk) { /* PSK may have changed from the previous choice, so update * state machine data based on whatever PSK was selected here. */
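Review bot: The added `sm->PMK != pmk` test in the `if` condition in SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) gates the whole block, while the commit message only talks about skipping the memcpy(). The body of the block is not visible in this hunk, so please confirm that nothing else in it (for example a length or other state update tied to the selected PSK) still needs to run when pmk aliases sm->PMK. If something does, move the pointer check down so that it guards only the copy. The existing comment still describes only the "PSK may have changed" case. A short addition noting that with SAE the local pmk can point at sm->PMK, and that overlapping buffers are undefined behavior for memcpy(), would keep a later cleanup from dropping the check as redundant. Note also that the equality test covers only the exact-alias case described in the commit message. If pmk could ever point into sm->PMK at an offset, the buffers would still overlap and the comparison would not catch it.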