diff options
author | Jimmy Chen <jimmycmchen@google.com> | 2022-08-31 18:47:46 +0800 |
---|---|---|
committer | Jimmy Chen <jimmycmchen@google.com> | 2022-09-02 02:44:54 +0000 |
commit | 1651ba620e34139a4918ded4af6b9788c3d7dca6 (patch) | |
tree | 81189c5469788b712a418517f4df86c1733de433 /src | |
parent | 1e9d915548b69ee3b077b5b10815e9d6534d6b11 (diff) | |
download | wpa_supplicant_8-1651ba620e34139a4918ded4af6b9788c3d7dca6.tar.gz |
eap: fix config realm matching
The source identity for the realm calculation is not set to the current matching one, it results in incorrect realm length and might cause memory access violation.
Bug: 244025119
Test: atest vts
connect to an EAP network with pseudonym
Change-Id: Ie7031f2f889e3c66b74c6d70aec9ba25a24ba5e2
Diffstat (limited to 'src')
-rw-r--r-- | src/eap_peer/eap.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c index 721c9d6b..269d7191 100644 --- a/src/eap_peer/eap.c +++ b/src/eap_peer/eap.c @@ -2850,8 +2850,9 @@ const u8 * eap_get_config_realm(struct eap_sm *sm, size_t *len) { } /* Look for the realm of the anonymous identity. */ - realm = strnchr(config->anonymous_identity, - config->anonymous_identity_len, '@'); + identity = config->anonymous_identity; + identity_len = config->anonymous_identity_len; + realm = strnchr(identity, identity_len, '@'); if (NULL != realm) { wpa_printf(MSG_DEBUG, "Get the realm from anonymous identity."); *len = identity_len - (realm - identity); @@ -2859,8 +2860,9 @@ const u8 * eap_get_config_realm(struct eap_sm *sm, size_t *len) { } /* Look for the realm of the real identity. */ - realm = strnchr(config->imsi_identity, - config->imsi_identity_len, '@'); + identity = config->imsi_identity; + identity_len = config->imsi_identity_len; + realm = strnchr(identity, identity_len, '@'); if (NULL != realm) { wpa_printf(MSG_DEBUG, "Get the realm from IMSI identity."); *len = identity_len - (realm - identity); |