From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 7 Apr 2015 09:10:50 +0000 (+0300)
Subject: WPS: Ignore too long Device Name attribute
X-Git-Tag: hostap_2_5~844
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65b10253d62eba5badc2d5d1a2433e3b3d00f215;p=thirdparty%2Fhostap.git

WPS: Ignore too long Device Name attribute

While it looks like all the users of this parsed attribute were able to
handle longer Device Name values, there is no valid use case for these
and to avoid any potential issues in upper layer components, enforce
maximum length (32 bytes) on the Device Name during parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 40bc1ad2d..5031f2e87 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -462,6 +462,12 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
 		attr->serial_number_len = len;
 		break;
 	case ATTR_DEV_NAME:
+		if (len > WPS_DEV_NAME_MAX_LEN) {
+			wpa_printf(MSG_DEBUG,
+				   "WPS: Ignore too long Device Name (len=%u)",
+				   len);
+			break;
+		}
 		attr->dev_name = pos;
 		attr->dev_name_len = len;
 		break;