eap: fix config realm matching
The source identity for the realm calculation is not set to the current matching one, it results in incorrect realm length and might cause memory access violation.
Bug: 244025119
Test: atest vts
connect to an EAP network with pseudonym
Change-Id: Ie7031f2f889e3c66b74c6d70aec9ba25a24ba5e2
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 721c9d6..269d719 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2850,8 +2850,9 @@
}
/* Look for the realm of the anonymous identity. */
- realm = strnchr(config->anonymous_identity,
- config->anonymous_identity_len, '@');
+ identity = config->anonymous_identity;
+ identity_len = config->anonymous_identity_len;
+ realm = strnchr(identity, identity_len, '@');
if (NULL != realm) {
wpa_printf(MSG_DEBUG, "Get the realm from anonymous identity.");
*len = identity_len - (realm - identity);
@@ -2859,8 +2860,9 @@
}
/* Look for the realm of the real identity. */
- realm = strnchr(config->imsi_identity,
- config->imsi_identity_len, '@');
+ identity = config->imsi_identity;
+ identity_len = config->imsi_identity_len;
+ realm = strnchr(identity, identity_len, '@');
if (NULL != realm) {
wpa_printf(MSG_DEBUG, "Get the realm from IMSI identity.");
*len = identity_len - (realm - identity);