aboutsummaryrefslogtreecommitdiffstats
path: root/src/wps
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-04-28 14:20:09 (GMT)
committerJouni Malinen <j@w1.fi>2015-05-03 15:26:50 (GMT)
commitaf185d0b578fc447b1db0b42a03d8b2467decffd (patch)
tree606560850681f5bae9728241203d622b25377a27 /src/wps
parent5acd23f4581da58683f3cf5e36cb71bbe4070bd7 (diff)
downloadhostap-af185d0b578fc447b1db0b42a03d8b2467decffd.zip
hostap-af185d0b578fc447b1db0b42a03d8b2467decffd.tar.gz
hostap-af185d0b578fc447b1db0b42a03d8b2467decffd.tar.bz2
WPS: Extra validation step for HTTP reader
Verify that ncopy parameter to memcpy is not negative. While this is not supposed to be needed, it is a good additional protection against unknown implementation issues. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/wps')
-rw-r--r--src/wps/httpread.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index d2855e3..3570a1f 100644
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -608,6 +608,11 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
ncopy = nread;
}
/* Note: should never be 0 */
+ if (ncopy < 0) {
+ wpa_printf(MSG_DEBUG,
+ "httpread: Invalid ncopy=%d", ncopy);
+ goto bad;
+ }
if (ncopy > nread)
ncopy = nread;
os_memcpy(bbp, rbp, ncopy);