mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
WPS: Add explicit message length limit of 50000 bytes
Previously, this was implicitly limited by the 16-bit length field to 65535. This resulted in unhelpful static analyzer warnings (CID 62868). Add an explicit (but pretty arbitrary) limit of 50000 bytes to avoid this. The actual WSC messages are significantly shorter in practice, but there is no specific protocol limit, so 50000 is as good as any limit to use here. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
5c6787a6ca
commit
adf96fb66b
@ -462,7 +462,7 @@ static struct wpabuf * eap_wsc_process(struct eap_sm *sm, void *priv,
|
||||
message_length = WPA_GET_BE16(pos);
|
||||
pos += 2;
|
||||
|
||||
if (message_length < end - pos) {
|
||||
if (message_length < end - pos || message_length > 50000) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
|
||||
"Length");
|
||||
ret->ignore = TRUE;
|
||||
|
@ -380,7 +380,7 @@ static void eap_wsc_process(struct eap_sm *sm, void *priv,
|
||||
message_length = WPA_GET_BE16(pos);
|
||||
pos += 2;
|
||||
|
||||
if (message_length < end - pos) {
|
||||
if (message_length < end - pos || message_length > 50000) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-WSC: Invalid Message "
|
||||
"Length");
|
||||
return;
|
||||
|
Loading…
Reference in New Issue
Block a user