From: Jouni Malinen
Date: Sat, 4 Sep 2010 19:01:29 +0000 (+0300)
Subject: dbus: Verify WPA/RSN IE parser result before returning data
X-Git-Tag: hostap-1-bp~1203
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=af3e1b0ec2f450024e8db2b710b1348b70312916;p=thirdparty%2Fhostap.git
dbus: Verify WPA/RSN IE parser result before returning data
---
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 602ad34c1..e2b5e50dd 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -2726,8 +2726,11 @@ DBusMessage * wpas_dbus_getter_bss_wpa(DBusMessage *message,
 os_memset(&wpa_data, 0, sizeof(wpa_data));
 ie = wpa_bss_get_vendor_ie(res, WPA_IE_VENDOR_TYPE);
- if (ie)
- wpa_parse_wpa_ie(ie, 2 + ie[1], &wpa_data);
+ if (ie) {
+ if (wpa_parse_wpa_ie(ie, 2 + ie[1], &wpa_data) < 0)
+ return wpas_dbus_error_unknown_error(message,
+ "invalid WPA IE");
+ }
 return wpas_dbus_get_bss_security_prop(message, &wpa_data);
 }
@@ -2756,8 +2759,11 @@ DBusMessage * wpas_dbus_getter_bss_rsn(DBusMessage *message,
 os_memset(&wpa_data, 0, sizeof(wpa_data));
 ie = wpa_bss_get_ie(res, WLAN_EID_RSN);
- if (ie)
- wpa_parse_wpa_ie(ie, 2 + ie[1], &wpa_data);
+ if (ie) {
+ if (wpa_parse_wpa_ie(ie, 2 + ie[1], &wpa_data) < 0)
+ return wpas_dbus_error_unknown_error(message,
+ "invalid RSN IE");
+ }
 return wpas_dbus_get_bss_security_prop(message, &wpa_data);
 }
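Review bot: The new failure branch in wpas_dbus_getter_bss_wpa() returns a generic unknown-error reply without leaving any trace in the log, and the RSN hunk in wpas_dbus_getter_bss_rsn() has the same gap. The element being parsed comes from scan results, which are built from frames any nearby transmitter can send, so a rejected IE is worth a debug line before the return, for example `wpa_printf(MSG_DEBUG, "dbus: failed to parse WPA IE");` and the RSN equivalent. A short comment such as `/* IE is taken from received frames; never expose partially parsed data */` would also record why the result is checked. It is worth confirming how D-Bus clients that read all BSS properties at once handle this error, because one malformed element now fails the getter rather than yielding empty security properties; that caller behaviour is not visible here. Both function bodies begin outside the hunks shown.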