forked from osmocom/wireshark
Don't try to decrypt with an AES key shorter than 128 bits.
AES keys must be at least 128 bits; AES_unwrap returns a null pointer if handed a too-short key, and we then just dereference that null pointer and crash. Just give up with a too-short key. Bug: 11507 Change-Id: Id1cf0a43c608597a11ff9df40f3654e6ff30619d Reviewed-on: https://code.wireshark.org/review/10422 Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
parent
f6d0e0946e
commit
44a0bafd15
|
@ -328,6 +328,11 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
|
|||
}else if (key_version == AIRPDCAP_WPA_KEY_VER_AES_CCMP){
|
||||
/* AES */
|
||||
key_bytes_len = pntoh16(pEAPKey->key_data_len);
|
||||
|
||||
/* AES keys must be at least 128 bits = 16 bytes. */
|
||||
if (key_bytes_len < 16) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (key_bytes_len > TKIP_GROUP_KEYBYTES_LEN_MAX || key_bytes_len == 0) { /* Don't read past the end of pEAPKey->ie */
|
||||
|
|
Loading…
Reference in New Issue