aboutsummaryrefslogtreecommitdiffstats
path: root/src/wps
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-04-07 09:10:50 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-22 08:44:18 (GMT)
commit65b10253d62eba5badc2d5d1a2433e3b3d00f215 (patch)
treeac027bf63c738e74bbe0e088b1d4a2c887cd8016 /src/wps
parentcc6f24380cdd2f696affc43b38f4b549792d8933 (diff)
downloadhostap-65b10253d62eba5badc2d5d1a2433e3b3d00f215.zip
hostap-65b10253d62eba5badc2d5d1a2433e3b3d00f215.tar.gz
hostap-65b10253d62eba5badc2d5d1a2433e3b3d00f215.tar.bz2
WPS: Ignore too long Device Name attribute
While it looks like all the users of this parsed attribute were able to handle longer Device Name values, there is no valid use case for these and to avoid any potential issues in upper layer components, enforce maximum length (32 bytes) on the Device Name during parsing. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/wps')
-rw-r--r--src/wps/wps_attr_parse.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 40bc1ad..5031f2e 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -462,6 +462,12 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
attr->serial_number_len = len;
break;
case ATTR_DEV_NAME:
+ if (len > WPS_DEV_NAME_MAX_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Ignore too long Device Name (len=%u)",
+ len);
+ break;
+ }
attr->dev_name = pos;
attr->dev_name_len = len;
break;