mka: Avoid reading past the end of mka_body_handler

author Sabrina Dubroca <sd@queasysnail.net>

Tue, 19 Jul 2016 09:56:56 +0000 (11:56 +0200)

committer Jouni Malinen <j@w1.fi>

Sun, 7 Aug 2016 08:42:19 +0000 (11:42 +0300)
author Sabrina Dubroca <sd@queasysnail.net>
Tue, 19 Jul 2016 09:56:56 +0000 (11:56 +0200)
committer Jouni Malinen <j@w1.fi>
Sun, 7 Aug 2016 08:42:19 +0000 (11:42 +0300)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c

index 51983a4..8f88207 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3057,7 +3057,8 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
                         goto next_para_set;
  
                 handled[body_type] = TRUE;
-               if (mak_body_handler[body_type].body_rx) {
+               if (body_type < ARRAY_SIZE(mak_body_handler) &&
+                   mak_body_handler[body_type].body_rx) {
                         mak_body_handler[body_type].body_rx
                                 (participant, pos, left_len);
                 } else {
author	Sabrina Dubroca <sd@queasysnail.net>
	Tue, 19 Jul 2016 09:56:56 +0000 (11:56 +0200)
committer	Jouni Malinen <j@w1.fi>
	Sun, 7 Aug 2016 08:42:19 +0000 (11:42 +0300)