P2P: Add a maximum length limit for peer vendor IEs

This is mainly to help with fuzz testing that could generate overly long
test data that would not be possible in real use cases due to MMPDU size
limits. The implementation for storing vendor IEs with such
unrealistically long IE buffers can result in a huge number of memory
reallocations and analyzing those can be very heavy.

While the maximum length of the fuzzing test input could be limited, it
seems nicer to limit this IE storage limit instead to avoid timeouts
from fuzz test runs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2021-02-05 01:39:29 +02:00 committed by Jouni Malinen
parent 947272febe
commit 1c3e71d149

@ -665,6 +665,8 @@ static void p2p_update_peer_vendor_elems(struct p2p_device *dev, const u8 *ies,
if (wpabuf_resize(&dev->info.vendor_elems, 2 + len) < 0) if (wpabuf_resize(&dev->info.vendor_elems, 2 + len) < 0)
break; break;
wpabuf_put_data(dev->info.vendor_elems, pos - 2, 2 + len); wpabuf_put_data(dev->info.vendor_elems, pos - 2, 2 + len);
if (wpabuf_size(dev->info.vendor_elems) > 2000)
break;
} }
} }
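
Review bot: The new size check at the end of the loop body runs after wpabuf_put_data(), so 2000 is a soft threshold rather than a hard cap: the element that crosses it has already been resized for and stored, and the buffer can end up above 2000 by up to one element (2 + len bytes). If a strict bound is intended, test the current size plus 2 + len before calling wpabuf_resize() and break there. The bare literal 2000 would also read better as a named constant with a short comment tying it to the MMPDU size limit mentioned in the commit message, so the value is not taken for arbitrary. Since the loop now stops silently, a debug message on the break path would help when a peer's vendor elements are truncated.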