Add missing data length check

Signed-off-by: Simon Rozman <simon@rozman.si>
2021-11-23 13:35:48 +01:00 · 2021-11-23 13:35:48 +01:00 · 67805dc9d1
commit 67805dc9d1
parent 83ad0ef45d
1 changed files with 2 additions and 0 deletions
--- a/lib/EAPBase/include/Module.h
+++ b/lib/EAPBase/include/Module.h
@ -411,6 +411,8 @@ namespace eap
                throw winstd::win_runtime_error(__FUNCTION__ " Key import failed.");

            // Import the 256-bit AES session key.
+            if (size < 268)
+                throw std::invalid_argument(__FUNCTION__ " Encrypted data too short.");
            winstd::crypt_key key_aes;
            if (!CryptImportKey(hProv, reinterpret_cast<LPCBYTE>(data), 268, key_rsa, 0, &key_aes))
                throw winstd::win_runtime_error(__FUNCTION__ " CryptImportKey failed.");