(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/crypt/airpdcap.c) |
| |
| 1689 | | | AirPDcapRsnaPwd2PskStep( |
| 1690 | | | const guint8 *ppBytes, |
| 1691 | | | const guint ppLength, |
| 1692 | | | const CHAR *ssid, |
| 1693 | | | const size_t ssidLength, |
| 1694 | | | const INT iterations, |
| 1695 | | | const INT count, |
| 1696 | | | UCHAR *output) |
| 1697 | | | { |
| 1698 | | | UCHAR digest[36], digest1[AIRPDCAP_SHA_DIGEST_LEN]; |
| 1699 | | | INT i, j; |
| 1700 | | | |
| 1701 | | | |
| 1702 | | | memcpy(digest, ssid, ssidLength); |
| 1703 | | | digest[ssidLength] = (UCHAR)((count>>24) & 0xff); |
| 1704 | | | digest[ssidLength+1] = (UCHAR)((count>>16) & 0xff); |
| 1705 | | | digest[ssidLength+2] = (UCHAR)((count>>8) & 0xff); |
| 1706 | | | digest[ssidLength+3] = (UCHAR)(count & 0xff); |
| 1707 | [+] | | sha1_hmac(ppBytes, ppLength, digest, (guint32) ssidLength+4, digest1); |
Event 1:
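digest is passed to sha1_hmac() as the third argument. This pointer refers to the buffer that will be overrun later. digest is declared with 36 bytes (line 1698), while the length passed with it is ssidLength+4 and the lines shown contain no check on ssidLength, so any ssidLength above 32 goes past the end of the buffer; the memcpy() at line 1702 and the four counter-byte stores at lines 1703-1706 index the same buffer with that unchecked length.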