From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Tue, 7 Apr 2015 10:22:49 +0000 (+0300)
Subject: WPS: Ignore too long SSID attribute
X-Git-Tag: hostap_2_5~838
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5a041acc0a71fe479de3b87338b0c7126ea7f486;p=thirdparty%2Fhostap.git

WPS: Ignore too long SSID attribute

While it looks like all the users of this parsed attribute were able to
handle longer SSID values, there is no valid use case for these and to
avoid any potential future issues, enforce maximum length (32 bytes) on
the SSID during parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 5031f2e87..2feeb1180 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -491,6 +491,11 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
 		attr->num_cred++;
 		break;
 	case ATTR_SSID:
+		if (len > SSID_MAX_LEN) {
+			wpa_printf(MSG_DEBUG,
+				   "WPS: Ignore too long SSID (len=%u)", len);
+			break;
+		}
 		attr->ssid = pos;
 		attr->ssid_len = len;
 		break;