Pick array sizes based on what they're supposed to hold.

In AirPDcapRsnaPwd2PskStep(), digest[] holds an SSID plus 4 bytes of count, so the size is MAX_SSID_LENGTH plus 4, and digest1[] holds an SHA-1 digest, so the size is SHA1_DIGEST_LEN. That makes it a bit clearer why those are the sizes. Change-Id: I58ed6643f57675375f7f369470d600382323315f Reviewed-on: https://code.wireshark.org/review/8387 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-10 11:00:25 -07:00 · 2015-05-10 11:00:25 -07:00 · 7d4e0c73a3
parent c01f369b73
commit 7d4e0c73a3
1 changed files with 9 additions and 4 deletions
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@ -1687,6 +1687,8 @@ AirPDcapRsnaPrfX(
    memcpy(ptk, output, x/8);
 }

+#define MAX_SSID_LENGTH 32 /* maximum SSID length */
+
 static INT
 AirPDcapRsnaPwd2PskStep(
    const guint8 *ppBytes,
@ -1697,14 +1699,17 @@ AirPDcapRsnaPwd2PskStep(
    const INT count,
    UCHAR *output)
 {
-    UCHAR digest[64], digest1[64];
+    UCHAR digest[MAX_SSID_LENGTH+4];  /* SSID plus 4 bytes of count */
+    UCHAR digest1[SHA1_DIGEST_LEN];
    INT i, j;

-    if (ssidLength+4 > 36)
+    if (ssidLength > MAX_SSID_LENGTH) {
+        /* This "should not happen" */
        return AIRPDCAP_RET_UNSUCCESS;
+    }

-    memset(digest, 0, 64);
-    memset(digest1, 0, 64);
+    memset(digest, 0, sizeof digest);
+    memset(digest1, 0, sizeof digest1);

    /* U1 = PRF(P, S || INT(i)) */
    memcpy(digest, ssid, ssidLength);