WPS: Ignore too long SSID attribute

While it looks like all the users of this parsed attribute were able to
handle longer SSID values, there is no valid use case for these and to
avoid any potential future issues, enforce maximum length (32 bytes) on
the SSID during parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 5031f2e87b4cabb96bc4a81a28ccd86e9f191d5d..2feeb1180619755594493f3adf3697a4a5e9a2b1 100644 (file)
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -491,6 +491,11 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
                attr->num_cred++;
                break;
        case ATTR_SSID:
+               if (len > SSID_MAX_LEN) {
+                       wpa_printf(MSG_DEBUG,
+                                  "WPS: Ignore too long SSID (len=%u)", len);
+                       break;
+               }
                attr->ssid = pos;
                attr->ssid_len = len;
                break;