dbus: Validate SSID length in new D-Bus scan request

Validate the length of each SSID passed in a new D-Bus protocol
Scan request.

diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index e3526d460ea449df9512035c15c86096a591acb2..f90c060fd0de379fc014ffc30ec392e6ff5e1492 100644 (file)
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -921,6 +921,16 @@ static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var,
 
                dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len);
 
+               if (len > MAX_SSID_LEN) {
+                       wpa_printf(MSG_DEBUG,
+                                  "wpas_dbus_handler_scan[dbus]: "
+                                  "SSID too long (len=%d max_len=%d)",
+                                  len, MAX_SSID_LEN);
+                       *reply = wpas_dbus_error_invalid_args(
+                               message, "Invalid SSID: too long");
+                       return -1;
+               }
+
                if (len != 0) {
                        ssid = os_malloc(len);
                        if (ssid == NULL) {