Enforce non-zero MPPE key length

author Jouni Malinen <j@w1.fi>

Thu, 28 Feb 2008 01:49:24 +0000 (17:49 -0800)

committer Jouni Malinen <j@w1.fi>

Thu, 28 Feb 2008 01:49:24 +0000 (17:49 -0800)
author Jouni Malinen <j@w1.fi>
Thu, 28 Feb 2008 01:49:24 +0000 (17:49 -0800)
committer Jouni Malinen <j@w1.fi>
Thu, 28 Feb 2008 01:49:24 +0000 (17:49 -0800)
diff --git a/src/radius/radius.c b/src/radius/radius.c

index cc0d6eb..feaecd4 100644 (file)
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -803,6 +803,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
         ppos = plain = os_malloc(plen);
         if (plain == NULL)
                 return NULL;
+       plain[0] = 0;
  
         while (left > 0) {
                 /* b(1) = MD5(Secret + Request-Authenticator + Salt)
@@ -827,7 +828,7 @@ static u8 * decrypt_ms_key(const u8 *key, size_t len,
                 left -= MD5_MAC_LEN;
         }
  
-       if (plain[0] > plen - 1) {
+       if (plain[0] == 0 || plain[0] > plen - 1) {
                 printf("Failed to decrypt MPPE key\n");
                 os_free(plain);
                 return NULL;
author	Jouni Malinen <j@w1.fi>
	Thu, 28 Feb 2008 01:49:24 +0000 (17:49 -0800)
committer	Jouni Malinen <j@w1.fi>
	Thu, 28 Feb 2008 01:49:24 +0000 (17:49 -0800)