static int *wep_keylens = NULL;
static void init_wepkeys(void);
static int wep_decrypt(guint8 *buf, guint32 len, int key_override);
+#ifndef HAVE_AIRPDCAP
static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len);
-#ifdef HAVE_AIRPDCAP
+#else
/* Davide Schiera (2006-11-26): created function to decrypt WEP and WPA/WPA2 */
static tvbuff_t *try_decrypt(tvbuff_t *tvb, guint32 offset, guint32 len, guint8 *algorithm, guint32 *sec_header, guint32 *sec_trailer);
#endif
/* WPA and return a tvb to the caller to add a new tab. It returns the */
/* algorithm used for decryption (WEP, TKIP, CCMP) and the header and */
/* trailer lengths. */
-static tvbuff_t *try_decrypt(tvbuff_t *tvb, guint32 offset, guint32 len, guint8 *algorithm, guint32 *sec_header, guint32 *sec_trailer) {
+static tvbuff_t *
+try_decrypt(tvbuff_t *tvb, guint32 offset, guint32 len, guint8 *algorithm, guint32 *sec_header, guint32 *sec_trailer) {
const guint8 *enc_data;
guint8 *tmp = NULL;
tvbuff_t *decr_tvb = NULL;
- guint32 dec_caplen;
+ size_t dec_caplen;
guchar dec_data[AIRPDCAP_MAX_CAPLEN];
AIRPDCAP_KEY_ITEM used_key;
{
*algorithm=used_key.KeyType;
switch (*algorithm) {
- case AIRPDCAP_KEY_TYPE_WEP:
- *sec_header=AIRPDCAP_WEP_HEADER;
- *sec_trailer=AIRPDCAP_WEP_TRAILER;
- break;
- case AIRPDCAP_KEY_TYPE_CCMP:
- *sec_header=AIRPDCAP_RSNA_HEADER;
- *sec_trailer=AIRPDCAP_CCMP_TRAILER;
- break;
- case AIRPDCAP_KEY_TYPE_TKIP:
- *sec_header=AIRPDCAP_RSNA_HEADER;
- *sec_trailer=AIRPDCAP_TKIP_TRAILER;
- break;
- default:
- return NULL;
+ case AIRPDCAP_KEY_TYPE_WEP:
+ *sec_header=AIRPDCAP_WEP_HEADER;
+ *sec_trailer=AIRPDCAP_WEP_TRAILER;
+ break;
+ case AIRPDCAP_KEY_TYPE_CCMP:
+ *sec_header=AIRPDCAP_RSNA_HEADER;
+ *sec_trailer=AIRPDCAP_CCMP_TRAILER;
+ break;
+ case AIRPDCAP_KEY_TYPE_TKIP:
+ *sec_header=AIRPDCAP_RSNA_HEADER;
+ *sec_trailer=AIRPDCAP_TKIP_TRAILER;
+ break;
+ default:
+ return NULL;
}
/* allocate buffer for decrypted payload */
return decr_tvb;
}
/* Davide Schiera ----------------------------------------------------------- */
-#endif
+#else
static tvbuff_t *try_decrypt_wep(tvbuff_t *tvb, guint32 offset, guint32 len) {
const guint8 *enc_data;
return decr_tvb;
}
+#endif
#ifdef HAVE_AIRPDCAP
static
AIRPDCAP_KEY_ITEM key;
PAIRPDCAP_KEYS_COLLECTION keys;
decryption_key_t* dk = NULL;
- GByteArray *bytes;
+ GByteArray *bytes = NULL;
gboolean res;
gchar* tmpk = NULL;
bytes = g_byte_array_new();
res = hex_str_to_bytes(dk->key->str, bytes, FALSE);
- if (dk->key->str && res && bytes->len > 0)
+ if (dk->key->str && res && bytes->len > 0 && bytes->len <= AIRPDCAP_WEP_KEY_MAXLEN)
{
/*
- * WEP key is correct (well, the can be even or odd, so it is not
- * a real check, I think... is a check performed somewhere in the
- * AirPDcap function??? )
- */
- memcpy(key.KeyData.Wep.WepKey,bytes->data,bytes->len);
+ * WEP key is correct (well, the can be even or odd, so it is not
+ * a real check, I think... is a check performed somewhere in the
+ * AirPDcap function??? )
+ */
+ memcpy(key.KeyData.Wep.WepKey, bytes->data, bytes->len);
key.KeyData.Wep.WepKeyLen = bytes->len;
keys->Keys[keys->nKeys] = key;
keys->nKeys++;
{
key.KeyType = AIRPDCAP_KEY_TYPE_WPA_PWD;
- /* XXX - Maybe check the lenght passed... */
- memcpy(key.KeyData.Wpa.UserPwd.Passphrase,dk->key->str,dk->key->len+1);
+ /* XXX - This just lops the end if the key off if it's too long.
+ * Should we handle this more gracefully? */
+ strncpy(key.KeyData.Wpa.UserPwd.Passphrase, dk->key->str, AIRPDCAP_WPA_PASSPHRASE_MAX_LEN);
- if(dk->ssid != NULL)
+ key.KeyData.Wpa.UserPwd.SsidLen = 0;
+ if(dk->ssid != NULL && dk->ssid->len <= AIRPDCAP_WPA_SSID_MAX_LEN)
{
- if(dk->ssid->len > 0)
- {
- memcpy(key.KeyData.Wpa.UserPwd.Ssid,dk->ssid->data,dk->ssid->len);
- key.KeyData.Wpa.UserPwd.SsidLen = dk->ssid->len;
- }
- else /* The GString is not NULL, but the 'ssid' name is just "\0" */
- {
- key.KeyData.Wpa.UserPwd.SsidLen = 0;
- }
- }
- else
- {
- key.KeyData.Wpa.UserPwd.SsidLen = 0;
+ memcpy(key.KeyData.Wpa.UserPwd.Ssid, dk->ssid->data, dk->ssid->len);
+ key.KeyData.Wpa.UserPwd.SsidLen = dk->ssid->len;
}
keys->Keys[keys->nKeys] = key;
bytes = g_byte_array_new();
res = hex_str_to_bytes(dk->key->str, bytes, FALSE);
- /* XXX - PAss the correct array of bytes... */
- memcpy(key.KeyData.Wpa.Pmk,bytes->data,bytes->len);
+ /* XXX - Pass the correct array of bytes... */
+ if (bytes-> len <= AIRPDCAP_WPA_PMK_LEN) {
+ memcpy(key.KeyData.Wpa.Pmk, bytes->data, bytes->len);
- keys->Keys[keys->nKeys] = key;
- keys->nKeys++;
+ keys->Keys[keys->nKeys] = key;
+ keys->nKeys++;
+ }
}
}
if(tmpk != NULL) g_free(tmpk);
/* Now set the keys */
AirPDcapSetKeys(&airpdcap_ctx,keys->Keys,keys->nKeys);
- g_free(keys);
+ g_free(keys);
+ if (bytes)
+ g_byte_array_free(bytes, TRUE);
}
#endif