WPS: Extra validation step for HTTP reader

Verify that ncopy parameter to memcpy is not negative. While this is not
supposed to be needed, it is a good additional protection against
unknown implementation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index d2855e32fd0f15f562c6cb7b8a52ac10d24ce416..3570a1fdaa3ff49b78c47e447408a21b961735e1 100644 (file)
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -608,6 +608,11 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
                                ncopy = nread;
                        }
                        /* Note: should never be 0 */
+                       if (ncopy < 0) {
+                               wpa_printf(MSG_DEBUG,
+                                          "httpread: Invalid ncopy=%d", ncopy);
+                               goto bad;
+                       }
                        if (ncopy > nread)
                                ncopy = nread;
                        os_memcpy(bbp, rbp, ncopy);