mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
HS 2.0: Fix Terms and Conditions URL handling
Do not try to determine the length of the T&C Server URL before checking
that the URL is available. This got broken in a change to move the
handling to the AS. hostapd could potentially have hit a NULL pointer
dereference if the authentication server sent an unconsistent set of T&C
information.
Fixes: d4e39c51f8
("HS 2.0: Move Terms and Conditions Server URL generation from AP to AS")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
0f0aa2a640
commit
ab3ab50757
@ -184,13 +184,14 @@ int hs20_send_wnm_notification_t_c(struct hostapd_data *hapd,
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
int ret;
|
||||
size_t url_len = os_strlen(url);
|
||||
size_t url_len;
|
||||
|
||||
if (!url) {
|
||||
wpa_printf(MSG_INFO, "HS 2.0: No T&C Server URL available");
|
||||
return -1;
|
||||
}
|
||||
|
||||
url_len = os_strlen(url);
|
||||
if (5 + url_len > 255) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"HS 2.0: Too long T&C Server URL for WNM-Notification: '%s'",
|
||||
|
Loading…
Reference in New Issue
Block a user