aboutsummaryrefslogtreecommitdiffstats
path: root/src/wps
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-04-19 14:17:37 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-22 19:05:12 (GMT)
commit6b94f71dcd16d88845759dad90c13d41675da6e9 (patch)
tree116ab5dcaebebdacd6c4eb995ce3e0d9088e268e /src/wps
parentf4b64c603e1f3764c4ffa42b3b7c74c8fa284542 (diff)
downloadhostap-6b94f71dcd16d88845759dad90c13d41675da6e9.zip
hostap-6b94f71dcd16d88845759dad90c13d41675da6e9.tar.gz
hostap-6b94f71dcd16d88845759dad90c13d41675da6e9.tar.bz2
WPS: Truncate variable length string attributes to maximum length
This enforces variable length strings Manufacturer, Model Name, Model Number, and Serial Number to be within the maximum length defined in the WSC specification. While none of the existing users for these within hostapd/wpa_supplicant had problems with longer strings, it is good to ensure the strings are not longer to avoid potential issues at higher layer components. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/wps')
-rw-r--r--src/wps/wps_attr_parse.c20
-rw-r--r--src/wps/wps_defs.h4
2 files changed, 20 insertions, 4 deletions
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 2feeb11..a1330de 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -447,19 +447,31 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
break;
case ATTR_MANUFACTURER:
attr->manufacturer = pos;
- attr->manufacturer_len = len;
+ if (len > WPS_MANUFACTURER_MAX_LEN)
+ attr->manufacturer_len = WPS_MANUFACTURER_MAX_LEN;
+ else
+ attr->manufacturer_len = len;
break;
case ATTR_MODEL_NAME:
attr->model_name = pos;
- attr->model_name_len = len;
+ if (len > WPS_MODEL_NAME_MAX_LEN)
+ attr->model_name_len = WPS_MODEL_NAME_MAX_LEN;
+ else
+ attr->model_name_len = len;
break;
case ATTR_MODEL_NUMBER:
attr->model_number = pos;
- attr->model_number_len = len;
+ if (len > WPS_MODEL_NUMBER_MAX_LEN)
+ attr->model_number_len = WPS_MODEL_NUMBER_MAX_LEN;
+ else
+ attr->model_number_len = len;
break;
case ATTR_SERIAL_NUMBER:
attr->serial_number = pos;
- attr->serial_number_len = len;
+ if (len > WPS_SERIAL_NUMBER_MAX_LEN)
+ attr->serial_number_len = WPS_SERIAL_NUMBER_MAX_LEN;
+ else
+ attr->serial_number_len = len;
break;
case ATTR_DEV_NAME:
if (len > WPS_DEV_NAME_MAX_LEN) {
diff --git a/src/wps/wps_defs.h b/src/wps/wps_defs.h
index 5a09063..4334155 100644
--- a/src/wps/wps_defs.h
+++ b/src/wps/wps_defs.h
@@ -42,6 +42,10 @@ extern int wps_corrupt_pkhash;
#define WPS_OOB_DEVICE_PASSWORD_LEN 32
#define WPS_OOB_PUBKEY_HASH_LEN 20
#define WPS_DEV_NAME_MAX_LEN 32
+#define WPS_MANUFACTURER_MAX_LEN 64
+#define WPS_MODEL_NAME_MAX_LEN 32
+#define WPS_MODEL_NUMBER_MAX_LEN 32
+#define WPS_SERIAL_NUMBER_MAX_LEN 32
/* Attribute Types */
enum wps_attribute {