From dd3d8578d08660c9bde0fccb0d3cbbd625c9e4f8 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 7 Apr 2015 11:52:42 +0300
Subject: [PATCH] P2PS: Check for maximum SSID length in Persistent Group Info

While none of the current users of msg.persistent_ssid{,_len} would have issues with too long SSID value, it is safer to enforce bounds checking on the SSID while parsing the attribute to avoid any potential issues in the future.

Signed-off-by: Jouni Malinen
---
 src/p2p/p2p_parse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/p2p/p2p_parse.c b/src/p2p/p2p_parse.c
index fd6a4610d..4613414c7 100644
--- a/src/p2p/p2p_parse.c
+++ b/src/p2p/p2p_parse.c
@@ -371,9 +371,9 @@ static int p2p_parse_attribute(u8 id, const u8 *data, u16 len,
 break;
 case P2P_ATTR_PERSISTENT_GROUP:
 {
- if (len < ETH_ALEN) {
+ if (len < ETH_ALEN || len > ETH_ALEN + SSID_MAX_LEN) {
 wpa_printf(MSG_DEBUG,
- "P2P: Too short Persistent Group Info (length %u)",
+ "P2P: Invalid Persistent Group Info (length %u)",
 len);
 return -1;
 }
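Review bot: The new upper bound in the `P2P_ATTR_PERSISTENT_GROUP` case has no comment tying it to the attribute layout, so a reader has to infer why `ETH_ALEN + SSID_MAX_LEN` is the limit and that later users of `msg.persistent_ssid_len` may now rely on it. I would add `/* ETH_ALEN-octet address followed by an SSID of at most SSID_MAX_LEN octets */` directly above the `if`. The check still accepts `len == ETH_ALEN`, i.e. an empty SSID; whether that is intended cannot be told from this hunk, since the rest of the case body lies outside it, so it is worth confirming against the consumers of `persistent_ssid`. The merged debug message no longer says which bound failed, but the printed length lets a log reader work that out.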