IEEE802.1X-2010 section 9.3.1 states that the CKN comprises of 1 to 32
octets, and no further restrictions are placed on it. Therefore change
the code reading the preshared CKN so that these sizes are accepted.
Signed-off-by: Jaap Keuter <jaap.keuter@xxxxxxxxx>
---
wpa_supplicant/config.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 9ef11d86d..a4ff7f998 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -1898,8 +1898,16 @@ static int wpa_config_parse_mka_ckn(const struct parse_data *data,
struct wpa_ssid *ssid, int line,
const char *value)
{
- if (hexstr2bin(value, ssid->mka_ckn, MACSEC_CKN_LEN) ||
- value[MACSEC_CKN_LEN * 2] != '\0') {
+ size_t ckn_str_len = os_strlen(value);
+
+ if (ckn_str_len == 0 || (ckn_str_len & 1) == 1 ||
+ ckn_str_len > MACSEC_CKN_LEN * 2) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid size MKA-CKN '%s'.",
+ line, value);
+ return -1;
+ }
+
+ if (hexstr2bin(value, ssid->mka_ckn, ckn_str_len / 2)) {
wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
line, value);
return -1;
--
2.11.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
