From: Jouni Malinen Date: Tue, 7 Apr 2015 08:50:10 +0000 (+0300) Subject: Ignore too long SSID element value in parser X-Git-Tag: hostap_2_5~847 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05e46a944ac6f5667b180e8ff49793e3c45ae6dd;p=thirdparty%2Fhostap.git Ignore too long SSID element value in parser The SSID element is defined to have a valid length range of 0-32. While this length was supposed to validated by the users of the element parser, there are not really any valid cases where the maximum length of 32 octet SSID would be exceeded and as such, the parser itself can enforce the limit as an additional protection. Signed-off-by: Jouni Malinen --- diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c index aca0b7322..c741e13b0 100644 --- a/src/common/ieee802_11_common.c +++ b/src/common/ieee802_11_common.c @@ -196,6 +196,12 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len, switch (id) { case WLAN_EID_SSID: + if (elen > SSID_MAX_LEN) { + wpa_printf(MSG_DEBUG, + "Ignored too long SSID element (elen=%u)", + elen); + break; + } elems->ssid = pos; elems->ssid_len = elen; break; diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h index 6e9c43cb2..62009f512 100644 --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h @@ -1354,4 +1354,6 @@ struct rrm_link_measurement_report { u8 variable[0]; } STRUCT_PACKED; +#define SSID_MAX_LEN 32 + #endif /* IEEE802_11_DEFS_H */