From 65b10253d62eba5badc2d5d1a2433e3b3d00f215 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 7 Apr 2015 12:10:50 +0300 Subject: [PATCH] WPS: Ignore too long Device Name attribute While it looks like all the users of this parsed attribute were able to handle longer Device Name values, there is no valid use case for these and to avoid any potential issues in upper layer components, enforce maximum length (32 bytes) on the Device Name during parsing. Signed-off-by: Jouni Malinen --- src/wps/wps_attr_parse.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c index 40bc1ad2d..5031f2e87 100644 --- a/src/wps/wps_attr_parse.c +++ b/src/wps/wps_attr_parse.c @@ -462,6 +462,12 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type, attr->serial_number_len = len; break; case ATTR_DEV_NAME: + if (len > WPS_DEV_NAME_MAX_LEN) { + wpa_printf(MSG_DEBUG, + "WPS: Ignore too long Device Name (len=%u)", + len); + break; + } attr->dev_name = pos; attr->dev_name_len = len; break;