]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2f06008)
Limit freq_range_list_parse() result to UINT_MAX entries
authorJouni Malinen <j@w1.fi>
Sun, 22 Mar 2020 16:37:40 +0000 (18:37 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 22 Mar 2020 16:50:04 +0000 (18:50 +0200)
This addresses a theoretical integer overflow with configuration
parameters with 16-bit int.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/utils/common.c patch | blob | blame | history

diff --git a/src/utils/common.c b/src/utils/common.c
index e5b3dcbd4909498acc5047f0f436f8a17ea56516..16aa7b6eed7321cd38530be0007c84d00b5440ed 100644 (file)
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -791,6 +791,10 @@ int freq_range_list_parse(struct wpa_freq_range_list *res, const char *value)
         */
        pos = value;
        while (pos && pos[0]) {
+               if (count == UINT_MAX) {
+                       os_free(freq);
+                       return -1;
+               }
                n = os_realloc_array(freq, count + 1,
                                     sizeof(struct wpa_freq_range));
                if (n == NULL) {
Unnamed repository; edit this file 'description' to name the repository.