jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix language string length validation in parse_lang_string()

Browse source 
The language string length needs to be validated to hit into the
three-octet lang field in struct hostapd_lang_string before copying
this. Invalid configuration entries in hostapd.conf could have resulted
in buffer overflow.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2013-09-25 12:53:00 +03:00 committed by Jouni Malinen
parent 742e715b31
commit 04e533e249
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hostapd/config_file.c
View file

@ -1299,7 +1299,7 @@ static int parse_lang_string(struct hostapd_lang_string **array,
*sep++ = '\0'; *sep++ = '\0';
clen = os_strlen(pos); clen = os_strlen(pos);
if (clen < 2) if (clen < 2 || clen > sizeof(ls->lang))
return -1; return -1;
nlen = os_strlen(sep); nlen = os_strlen(sep);
if (nlen > 252) if (nlen > 252)