WPS: Ignore too long Device Name attribute
authorJouni Malinen <jouni@qca.qualcomm.com>
Tue, 7 Apr 2015 09:10:50 +0000 (12:10 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 22 Apr 2015 08:44:18 +0000 (11:44 +0300)
While it looks like all the users of this parsed attribute were able to
handle longer Device Name values, there is no valid use case for these
and to avoid any potential issues in upper layer components, enforce
maximum length (32 bytes) on the Device Name during parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
src/wps/wps_attr_parse.c

index 40bc1ad2d2c5bd665669e138775d4061b72454f8..5031f2e87b4cabb96bc4a81a28ccd86e9f191d5d 100644 (file)
@@ -462,6 +462,12 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
                attr->serial_number_len = len;
                break;
        case ATTR_DEV_NAME:
+               if (len > WPS_DEV_NAME_MAX_LEN) {
+                       wpa_printf(MSG_DEBUG,
+                                  "WPS: Ignore too long Device Name (len=%u)",
+                                  len);
+                       break;
+               }
                attr->dev_name = pos;
                attr->dev_name_len = len;
                break;
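Review bot: The oversize branch under `case ATTR_DEV_NAME` exits through `break` without setting `attr->dev_name` or `attr->dev_name_len`, so the rest of the message is still parsed and later consumers see the Device Name as absent rather than the frame being rejected. That matches the commit message, but the choice should be documented at the check, for example `/* Oversized Device Name is ignored, not rejected: dev_name stays unset and callers must treat it as missing */`. Since this check becomes the one place that bounds the length for upper layers, it would also help to note next to the definition of `WPS_DEV_NAME_MAX_LEN` (not visible here) that any fixed-size buffers receiving the name are sized from it. wps_set_attr begins and ends outside this hunk, so how the other attributes handle bad lengths cannot be compared from here.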