WPS: Ignore too long Device Name attribute

While it looks like all the users of this parsed attribute were able to handle longer Device Name values, there is no valid use case for these and to avoid any potential issues in upper layer components, enforce maximum length (32 bytes) on the Device Name during parsing. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
author: Jouni Malinen <jouni@qca.qualcomm.com> 2015-04-07 12:10:50 +0300
committer: Jouni Malinen <j@w1.fi> 2015-04-22 11:44:18 +0300
commit: 65b10253d62eba5badc2d5d1a2433e3b3d00f215 (patch)
tree: ac027bf63c738e74bbe0e088b1d4a2c887cd8016 /src/wps
parent: cc6f24380cdd2f696affc43b38f4b549792d8933 (diff)
download: hostap-65b10253d62eba5badc2d5d1a2433e3b3d00f215.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index 40bc1ad2d..5031f2e87 100644
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -462,6 +462,12 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
 		attr->serial_number_len = len;
 		break;
 	case ATTR_DEV_NAME:
+		if (len > WPS_DEV_NAME_MAX_LEN) {
+			wpa_printf(MSG_DEBUG,
+				   "WPS: Ignore too long Device Name (len=%u)",
+				   len);
+			break;
+		}
 		attr->dev_name = pos;
 		attr->dev_name_len = len;
 		break;
author	Jouni Malinen <jouni@qca.qualcomm.com>	2015-04-07 12:10:50 +0300
committer	Jouni Malinen <j@w1.fi>	2015-04-22 11:44:18 +0300
commit	65b10253d62eba5badc2d5d1a2433e3b3d00f215 (patch)
tree	ac027bf63c738e74bbe0e088b1d4a2c887cd8016 /src/wps
parent	cc6f24380cdd2f696affc43b38f4b549792d8933 (diff)
download	hostap-65b10253d62eba5badc2d5d1a2433e3b3d00f215.tar.gz