P2P: Add a maximum length limit for peer vendor IEs

This is mainly to help with fuzz testing that could generate overly long test data that would not be possible in real use cases due to MMPDU size limits. The implementation for storing vendor IEs with such unrealisticly long IE buffers can result in huge number of memory reallozations and analyzing those can be very heavy. While the maximum length of the fuzzing test input could be limited, it seems nicer to limit this IE storage limit instead to avoid timeouts from fuzz test runs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-02-05 01:39:29 +02:00 · 2021-02-05 01:39:29 +02:00 · 1c3e71d149
parent 947272febe
commit 1c3e71d149
1 changed files with 2 additions and 0 deletions
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@ -665,6 +665,8 @@ static void p2p_update_peer_vendor_elems(struct p2p_device *dev, const u8 *ies,
 		if (wpabuf_resize(&dev->info.vendor_elems, 2 + len) < 0)
 			break;
 		wpabuf_put_data(dev->info.vendor_elems, pos - 2, 2 + len);
+		if (wpabuf_size(dev->info.vendor_elems) > 2000)
+			break;
 	}
 }