From 1e5506588dcc4b2a4d3884459327a9d25e0ad288 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 10 Feb 2019 01:40:36 +0200
Subject: [PATCH] JSON: Fix string parsing when \\ escape is at the end of
 buffer

This would have resulted in reading one octet past the end of the buffer
before rejecting the string.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/utils/json.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/utils/json.c b/src/utils/json.c
index c6ada0548..b64433959 100644
--- a/src/utils/json.c
+++ b/src/utils/json.c
@@ -103,6 +103,11 @@ static char * json_parse_string(const char **json_pos, const char *end)
 			return str;
 		case '\\':
 			pos++;
+			if (pos >= end) {
+				wpa_printf(MSG_DEBUG,
+					   "JSON: Truncated \\ escape");
+				goto fail;
+			}
 			switch (*pos) {
 			case '"':
 			case '\\':