From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Sun, 22 Oct 2017 08:37:56 +0000 (+0300)
Subject: DPP: Verify that Wrapped Data attribute is the last one in the message
X-Git-Tag: hostap_2_7~965
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c881807b5c1305c6003f230181f4b185ce9188c;p=thirdparty%2Fhostap.git

DPP: Verify that Wrapped Data attribute is the last one in the message

Do not allow any additional attributes to be included after the Wrapped
Data attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/common/dpp.c b/src/common/dpp.c
index fa98db2f3..596c81cb3 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -527,6 +527,7 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len)
 int dpp_check_attrs(const u8 *buf, size_t len)
 {
 	const u8 *pos, *end;
+	int wrapped_data = 0;
 
 	pos = buf;
 	end = buf + len;
@@ -544,6 +545,13 @@ int dpp_check_attrs(const u8 *buf, size_t len)
 				   "DPP: Truncated message - not enough room for the attribute - dropped");
 			return -1;
 		}
+		if (wrapped_data) {
+			wpa_printf(MSG_DEBUG,
+				   "DPP: An unexpected attribute included after the Wrapped Data attribute");
+			return -1;
+		}
+		if (id == DPP_ATTR_WRAPPED_DATA)
+			wrapped_data = 1;
 		pos += alen;
 	}