From: Jouni Malinen <j@w1.fi>
Date: Tue, 28 Apr 2015 14:20:09 +0000 (+0300)
Subject: WPS: Extra validation step for HTTP reader
X-Git-Tag: hostap_2_5~756
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af185d0b578fc447b1db0b42a03d8b2467decffd;p=thirdparty%2Fhostap.git

WPS: Extra validation step for HTTP reader

Verify that ncopy parameter to memcpy is not negative. While this is not
supposed to be needed, it is a good additional protection against
unknown implementation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/wps/httpread.c b/src/wps/httpread.c
index d2855e32f..3570a1fda 100644
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@@ -608,6 +608,11 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
 				ncopy = nread;
 			}
 			/* Note: should never be 0 */
+			if (ncopy < 0) {
+				wpa_printf(MSG_DEBUG,
+					   "httpread: Invalid ncopy=%d", ncopy);
+				goto bad;
+			}
 			if (ncopy > nread)
 				ncopy = nread;
 			os_memcpy(bbp, rbp, ncopy);