aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSam Leffler <sleffler@chromium.org>2012-01-22 10:00:44 (GMT)
committerJouni Malinen <j@w1.fi>2012-01-22 10:02:09 (GMT)
commitf9121813d75f5d21c786eaa94f108463d64a2ace (patch)
treee849fe99ced8a647517a482effa9d3ba8a00c7d8
parent8017b538e70f2c27feefb8746ae1f876d2c42f37 (diff)
downloadhostap-f9121813d75f5d21c786eaa94f108463d64a2ace.zip
hostap-f9121813d75f5d21c786eaa94f108463d64a2ace.tar.gz
hostap-f9121813d75f5d21c786eaa94f108463d64a2ace.tar.bz2
dbus: Validate SSID length in new D-Bus scan request
Validate the length of each SSID passed in a new D-Bus protocol Scan request.
-rw-r--r--wpa_supplicant/dbus/dbus_new_handlers.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index e3526d4..f90c060 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -921,6 +921,16 @@ static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var,
dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len);
+ if (len > MAX_SSID_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "wpas_dbus_handler_scan[dbus]: "
+ "SSID too long (len=%d max_len=%d)",
+ len, MAX_SSID_LEN);
+ *reply = wpas_dbus_error_invalid_args(
+ message, "Invalid SSID: too long");
+ return -1;
+ }
+
if (len != 0) {
ssid = os_malloc(len);
if (ssid == NULL) {