osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Don't try to decrypt with an AES key shorter than 128 bits. 

AES keys must be at least 128 bits; AES_unwrap returns a null pointer if
handed a too-short key, and we then just dereference that null pointer
and crash.  Just give up with a too-short key.

Bug: 11507
Change-Id: Id1cf0a43c608597a11ff9df40f3654e6ff30619d
Reviewed-on: https://code.wireshark.org/review/10422
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
Guy Harris 2015-09-07 17:46:03 -07:00
parent f6d0e0946e
commit 44a0bafd15
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
epan/crypt/airpdcap.c
View File

@ -328,6 +328,11 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
}else if (key_version == AIRPDCAP_WPA_KEY_VER_AES_CCMP){
/* AES */
key_bytes_len = pntoh16(pEAPKey->key_data_len);
/* AES keys must be at least 128 bits = 16 bytes. */
if (key_bytes_len < 16) {
return;
}
}
if (key_bytes_len > TKIP_GROUP_KEYBYTES_LEN_MAX || key_bytes_len == 0) { /* Don't read past the end of pEAPKey->ie */