P2P: Add a maximum length limit for peer vendor IEs
This is mainly to help with fuzz testing that could generate overly long test data that would not be possible in real use cases due to MMPDU size limits. The implementation for storing vendor IEs with such unrealisticly long IE buffers can result in huge number of memory reallozations and analyzing those can be very heavy. While the maximum length of the fuzzing test input could be limited, it seems nicer to limit this IE storage limit instead to avoid timeouts from fuzz test runs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
947272febe
commit
1c3e71d149
1 changed files with 2 additions and 0 deletions
|
@ -665,6 +665,8 @@ static void p2p_update_peer_vendor_elems(struct p2p_device *dev, const u8 *ies,
|
||||||
if (wpabuf_resize(&dev->info.vendor_elems, 2 + len) < 0)
|
if (wpabuf_resize(&dev->info.vendor_elems, 2 + len) < 0)
|
||||||
break;
|
break;
|
||||||
wpabuf_put_data(dev->info.vendor_elems, pos - 2, 2 + len);
|
wpabuf_put_data(dev->info.vendor_elems, pos - 2, 2 + len);
|
||||||
|
if (wpabuf_size(dev->info.vendor_elems) > 2000)
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue