Ignore too long SSID element value in parser

The SSID element is defined to have a valid length range of 0-32. While
this length was supposed to validated by the users of the element
parser, there are not really any valid cases where the maximum length of
32 octet SSID would be exceeded and as such, the parser itself can
enforce the limit as an additional protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

src/common/ieee802_11_common.c

@@ -196,6 +196,12 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
 
 		switch (id) {
 		case WLAN_EID_SSID:
+			if (elen > SSID_MAX_LEN) {
+				wpa_printf(MSG_DEBUG,
+					   "Ignored too long SSID element (elen=%u)",
+					   elen);
+				break;
+			}
 			elems->ssid = pos;
 			elems->ssid_len = elen;
 			break;

src/common/ieee802_11_defs.h

@@ -1354,4 +1354,6 @@ struct rrm_link_measurement_report {
 	u8 variable[0];
 } STRUCT_PACKED;
 
+#define SSID_MAX_LEN 32
+
 #endif /* IEEE802_11_DEFS_H */