authorJouni Malinen <j@w1.fi>2014-11-23 18:57:34 (GMT)
committerJouni Malinen <j@w1.fi>2014-11-23 19:03:40 (GMT)
commitadf96fb66b1f0606b8d4f4f5e01e33a10c95ee07 (patch)
tree7604758d216cc7d7fc3b6d7c43c3e4fa4a5838c8 /src/eap_server
parent5c6787a6cab23c9814db25ef26f5366d4f699330 (diff)
WPS: Add explicit message length limit of 50000 bytes
Previously, this was implicitly limited by the 16-bit length field to 65535. This resulted in unhelpful static analyzer warnings (CID 62868). Add an explicit (but pretty arbitrary) limit of 50000 bytes to avoid this. The actual WSC messages are significantly shorter in practice, but there is no specific protocol limit, so 50000 is as good as any limit to use here. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/eap_server_wsc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c
index 97ec0c0..9d9c28d 100644
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
@@ -380,7 +380,7 @@ static void eap_wsc_process(struct eap_sm *sm, void *priv,
message_length = WPA_GET_BE16(pos);
pos += 2;
- if (message_length < end - pos) {
+ if (message_length < end - pos || message_length > 50000) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
"Length");
return;
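Review bot: The upper bound added to the `if` on Message Length is a bare literal, so the cap on this peer-supplied field is hard to find and easy to leave out wherever else the same field is parsed. A named constant with a why-comment would make it auditable, for example `#define WSC_MAX_MSG_LEN 50000 /* arbitrary sanity cap; no protocol limit */` (the name is only a suggestion) with `message_length > WSC_MAX_MSG_LEN` in the condition. Both rejection causes share the one "Invalid Message Length" debug line, so adding the received value to that message would show which check fired when triaging malformed frames. The diffstat is limited to src/eap_server, so it is not visible here whether the peer-side WSC parser gets the same limit. eap_wsc_process starts before this hunk and continues past it.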