diff options
| author | Rui Paulo <rpaulo@FreeBSD.org> | 2015-10-14 04:30:17 +0000 |
|---|---|---|
| committer | Rui Paulo <rpaulo@FreeBSD.org> | 2015-10-14 04:30:17 +0000 |
| commit | b834757ea3bcd1bba3381ff7cab216458d8f7efb (patch) | |
| tree | dadb24e00f30aa959ea0981e649b18c668304498 /src/wps/wps_attr_parse.c | |
| parent | fbffd80fb2ba16c68f799da68a119d5e69643604 (diff) | |
| download | src-test2-b834757ea3bcd1bba3381ff7cab216458d8f7efb.tar.gz src-test2-b834757ea3bcd1bba3381ff7cab216458d8f7efb.zip | |
Notes
Diffstat (limited to 'src/wps/wps_attr_parse.c')
| -rw-r--r-- | src/wps/wps_attr_parse.c | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c index 40bc1ad2d2c5..11a967ba0ef1 100644 --- a/src/wps/wps_attr_parse.c +++ b/src/wps/wps_attr_parse.c @@ -447,25 +447,55 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type, break; case ATTR_MANUFACTURER: attr->manufacturer = pos; - attr->manufacturer_len = len; + if (len > WPS_MANUFACTURER_MAX_LEN) + attr->manufacturer_len = WPS_MANUFACTURER_MAX_LEN; + else + attr->manufacturer_len = len; break; case ATTR_MODEL_NAME: attr->model_name = pos; - attr->model_name_len = len; + if (len > WPS_MODEL_NAME_MAX_LEN) + attr->model_name_len = WPS_MODEL_NAME_MAX_LEN; + else + attr->model_name_len = len; break; case ATTR_MODEL_NUMBER: attr->model_number = pos; - attr->model_number_len = len; + if (len > WPS_MODEL_NUMBER_MAX_LEN) + attr->model_number_len = WPS_MODEL_NUMBER_MAX_LEN; + else + attr->model_number_len = len; break; case ATTR_SERIAL_NUMBER: attr->serial_number = pos; - attr->serial_number_len = len; + if (len > WPS_SERIAL_NUMBER_MAX_LEN) + attr->serial_number_len = WPS_SERIAL_NUMBER_MAX_LEN; + else + attr->serial_number_len = len; break; case ATTR_DEV_NAME: + if (len > WPS_DEV_NAME_MAX_LEN) { + wpa_printf(MSG_DEBUG, + "WPS: Ignore too long Device Name (len=%u)", + len); + break; + } attr->dev_name = pos; attr->dev_name_len = len; break; case ATTR_PUBLIC_KEY: + /* + * The Public Key attribute is supposed to be exactly 192 bytes + * in length. Allow couple of bytes shorter one to try to + * interoperate with implementations that do not use proper + * zero-padding. + */ + if (len < 190 || len > 192) { + wpa_printf(MSG_DEBUG, + "WPS: Ignore Public Key with unexpected length %u", + len); + break; + } attr->public_key = pos; attr->public_key_len = len; break; @@ -485,6 +515,11 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type, attr->num_cred++; break; case ATTR_SSID: + if (len > SSID_MAX_LEN) { + wpa_printf(MSG_DEBUG, + "WPS: Ignore too long SSID (len=%u)", len); + break; + } attr->ssid = pos; attr->ssid_len = len; break; |