From 67805dc9d17799d1a5274d3dac19abe2c0389423 Mon Sep 17 00:00:00 2001
From: Simon Rozman
Date: Tue, 23 Nov 2021 13:35:48 +0100
Subject: [PATCH] Add missing data length check

Signed-off-by: Simon Rozman
---
 lib/EAPBase/include/Module.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/EAPBase/include/Module.h b/lib/EAPBase/include/Module.h
index 39ce1b5..e093634 100644
--- a/lib/EAPBase/include/Module.h
+++ b/lib/EAPBase/include/Module.h
@@ -411,6 +411,8 @@ namespace eap
 throw winstd::win_runtime_error(__FUNCTION__ " Key import failed.");

 // Import the 256-bit AES session key.
+ if (size < 268)
+ throw std::invalid_argument(__FUNCTION__ " Encrypted data too short.");
 winstd::crypt_key key_aes;
 if (!CryptImportKey(hProv, reinterpret_cast(data), 268, key_rsa, 0, &key_aes))
 throw winstd::win_runtime_error(__FUNCTION__ " CryptImportKey failed.");
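Review bot: The literal 268 now appears twice, in the added `if (size < 268)` guard and in the `CryptImportKey` length argument. The bounds check and the number of bytes read from `data` can therefore drift apart if only one is edited. A single named constant would tie them together, for example `static const DWORD session_key_blob_size = 268; // presumably blob header + algorithm id + RSA-encrypted key; confirm` (name constructed here), used in both places. The enclosing function starts and ends outside the hunk. It is therefore not visible whether the code after the import copes with `size == 268`, where no payload follows the key blob, or whether `<stdexcept>` is included for `std::invalid_argument`.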