From: Jouni Malinen <j@w1.fi>
Date: Sat, 21 Jun 2014 09:18:56 +0000 (+0300)
Subject: EAP-SIM': Fix AT_KDF parser to avoid infinite loop
X-Git-Tag: hostap_2_3~255
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3c6b230ddb9703d61af8d8424a9c4288dd24200;p=thirdparty%2Fhostap.git

EAP-SIM': Fix AT_KDF parser to avoid infinite loop

Hitting maximum number of AT_KDF attributes could result in an infinite
loop due to the attribute parser not incrementing the current position
properly when skipping the extra KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
index e1773bf1a..ae0218589 100644
--- a/src/eap_common/eap_sim_common.c
+++ b/src/eap_common/eap_sim_common.c
@@ -893,7 +893,7 @@ int eap_sim_parse_attr(const u8 *start, const u8 *end,
 			if (attr->kdf_count == EAP_AKA_PRIME_KDF_MAX) {
 				wpa_printf(MSG_DEBUG, "EAP-AKA': Too many "
 					   "AT_KDF attributes - ignore this");
-				continue;
+				break;
 			}
 			attr->kdf[attr->kdf_count] = WPA_GET_BE16(apos);
 			attr->kdf_count++;