jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

hs20-osu-client: Use size_t for certificate components

Browse source 
This avoids a theoretical integer overflow with 16-bit unsigned int
should a certificate be encoded with more that 65535 friendly names or
icons.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-03-22 18:22:27 +02:00
parent 913220cbb8
commit 3f45b8daeb
2 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
hs20/client/osu_client.c
View file

@ -2907,7 +2907,7 @@ static char * get_hostname(const char *url)
static int osu_cert_cb(void *_ctx, struct http_cert *cert) static int osu_cert_cb(void *_ctx, struct http_cert *cert)
{ {
struct hs20_osu_client *ctx = _ctx; struct hs20_osu_client *ctx = _ctx;
unsigned int i, j; size_t i, j;
int found; int found;
char *host = NULL; char *host = NULL;
@ -3002,7 +3002,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
size_t name_len = os_strlen(name); size_t name_len = os_strlen(name);
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"[%i] Looking for icon file name '%s' match", "[%zu] Looking for icon file name '%s' match",
j, name); j, name);
for (i = 0; i < cert->num_logo; i++) { for (i = 0; i < cert->num_logo; i++) {
struct http_logo *logo = &cert->logo[i]; struct http_logo *logo = &cert->logo[i];
@ -3010,7 +3010,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
char *pos; char *pos;
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"[%i] Comparing to '%s' uri_len=%d name_len=%d", "[%zu] Comparing to '%s' uri_len=%d name_len=%d",
i, logo->uri, (int) uri_len, (int) name_len); i, logo->uri, (int) uri_len, (int) name_len);
if (uri_len < 1 + name_len) { if (uri_len < 1 + name_len) {
wpa_printf(MSG_INFO, "URI Length is too short"); wpa_printf(MSG_INFO, "URI Length is too short");
@ -3044,7 +3044,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
if (logo->hash_len != 32) { if (logo->hash_len != 32) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"[%i][%i] Icon hash length invalid (should be 32): %d", "[%zu][%zu] Icon hash length invalid (should be 32): %d",
j, i, (int) logo->hash_len); j, i, (int) logo->hash_len);
continue; continue;
} }
@ -3054,7 +3054,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
} }
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"[%u][%u] Icon hash did not match", j, i); "[%zu][%zu] Icon hash did not match", j, i);
wpa_hexdump_ascii(MSG_DEBUG, "logo->hash", wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
logo->hash, 32); logo->hash, 32);
wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]", wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",

6
src/utils/http-utils.h
View file

@ -28,11 +28,11 @@ struct http_logo {
struct http_cert { struct http_cert {
char **dnsname; char **dnsname;
unsigned int num_dnsname; size_t num_dnsname;
struct http_othername *othername; struct http_othername *othername;
unsigned int num_othername; size_t num_othername;
struct http_logo *logo; struct http_logo *logo;
unsigned int num_logo; size_t num_logo;
}; };
int soap_init_client(struct http_ctx *ctx, const char *address, int soap_init_client(struct http_ctx *ctx, const char *address,