From: Jouni Malinen Date: Mon, 16 May 2016 17:04:29 +0000 (+0300) Subject: Check md5_vector() result in radius_msg_verify() X-Git-Tag: hostap_2_6~482 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=05dad946b39b7da10ac042376eea408e049d45e7;p=thirdparty%2Fhostap.git Check md5_vector() result in radius_msg_verify() This gets rid of a valgrind warning on uninitialized memory read in the hostapd_oom_wpa2_eap test case where memcmp is used after failed md5_vector() call. Signed-off-by: Jouni Malinen --- diff --git a/src/radius/radius.c b/src/radius/radius.c index 7bc6f7457..97c8de014 100644 --- a/src/radius/radius.c +++ b/src/radius/radius.c @@ -862,8 +862,8 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret, len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr); addr[3] = secret; len[3] = secret_len; - md5_vector(4, addr, len, hash); - if (os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) { + if (md5_vector(4, addr, len, hash) < 0 || + os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) { wpa_printf(MSG_INFO, "Response Authenticator invalid!"); return 1; }
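Review bot: in the radius_msg_verify() hunk, the new `md5_vector(4, addr, len, hash) < 0` case shares the branch that logs "Response Authenticator invalid!", so a local hash failure (the commit message's out-of-memory test case) shows up in the log exactly like a response whose authenticator does not match. Failing closed with `return 1` is the right outcome and avoids comparing an uninitialized `hash`, but it would help operators to split the condition: check `md5_vector(...) < 0` first with its own wpa_printf message (for example, one saying the Response Authenticator could not be computed), then keep the `os_memcmp_const()` comparison with the existing message. That keeps a resource failure on the verifier distinguishable from a bad or forged RADIUS response when reading logs.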