aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-04-07 08:52:42 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-22 08:44:18 (GMT)
commitdd3d8578d08660c9bde0fccb0d3cbbd625c9e4f8 (patch)
tree6961db473410b88bc7a9db80ae632c486a2c4b74
parent05e46a944ac6f5667b180e8ff49793e3c45ae6dd (diff)
downloadhostap-dd3d8578d08660c9bde0fccb0d3cbbd625c9e4f8.zip
hostap-dd3d8578d08660c9bde0fccb0d3cbbd625c9e4f8.tar.gz
hostap-dd3d8578d08660c9bde0fccb0d3cbbd625c9e4f8.tar.bz2
P2PS: Check for maximum SSID length in Persistent Group Info
While none of the current users of msg.persistent_ssid{,_len} would have issues with too long SSID value, it is safer to enforce bounds checking on the SSID while parsing the attribute to avoid any potential issues in the future. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--src/p2p/p2p_parse.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/p2p/p2p_parse.c b/src/p2p/p2p_parse.c
index fd6a461..4613414 100644
--- a/src/p2p/p2p_parse.c
+++ b/src/p2p/p2p_parse.c
@@ -371,9 +371,9 @@ static int p2p_parse_attribute(u8 id, const u8 *data, u16 len,
break;
case P2P_ATTR_PERSISTENT_GROUP:
{
- if (len < ETH_ALEN) {
+ if (len < ETH_ALEN || len > ETH_ALEN + SSID_MAX_LEN) {
wpa_printf(MSG_DEBUG,
- "P2P: Too short Persistent Group Info (length %u)",
+ "P2P: Invalid Persistent Group Info (length %u)",
len);
return -1;
}