jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

WPS: Truncate variable length string attributes to maximum length

Browse source 
This enforces variable length strings Manufacturer, Model Name, Model
Number, and Serial Number to be within the maximum length defined in the
WSC specification. While none of the existing users for these within
hostapd/wpa_supplicant had problems with longer strings, it is good to
ensure the strings are not longer to avoid potential issues at higher
layer components.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-04-19 17:17:37 +03:00
parent f4b64c603e
commit 6b94f71dcd
3 changed files with 24 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/p2p/p2p.h
View file

@ -274,22 +274,22 @@ struct p2p_peer_info {
/** /**
* manufacturer - Manufacturer (0..64 octets encoded in UTF-8) * manufacturer - Manufacturer (0..64 octets encoded in UTF-8)
*/ */
char manufacturer[65]; char manufacturer[WPS_MANUFACTURER_MAX_LEN + 1];
/** /**
* model_name - Model Name (0..32 octets encoded in UTF-8) * model_name - Model Name (0..32 octets encoded in UTF-8)
*/ */
char model_name[33]; char model_name[WPS_MODEL_NAME_MAX_LEN + 1];
/** /**
* model_number - Model Number (0..32 octets encoded in UTF-8) * model_number - Model Number (0..32 octets encoded in UTF-8)
*/ */
char model_number[33]; char model_number[WPS_MODEL_NUMBER_MAX_LEN + 1];
/** /**
* serial_number - Serial Number (0..32 octets encoded in UTF-8) * serial_number - Serial Number (0..32 octets encoded in UTF-8)
*/ */
char serial_number[33]; char serial_number[WPS_SERIAL_NUMBER_MAX_LEN + 1];
/** /**
* level - Signal level * level - Signal level

20
src/wps/wps_attr_parse.c
View file

@ -447,19 +447,31 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
break; break;
case ATTR_MANUFACTURER: case ATTR_MANUFACTURER:
attr->manufacturer = pos; attr->manufacturer = pos;
attr->manufacturer_len = len; if (len > WPS_MANUFACTURER_MAX_LEN)
attr->manufacturer_len = WPS_MANUFACTURER_MAX_LEN;
else
attr->manufacturer_len = len;
break; break;
case ATTR_MODEL_NAME: case ATTR_MODEL_NAME:
attr->model_name = pos; attr->model_name = pos;
attr->model_name_len = len; if (len > WPS_MODEL_NAME_MAX_LEN)
attr->model_name_len = WPS_MODEL_NAME_MAX_LEN;
else
attr->model_name_len = len;
break; break;
case ATTR_MODEL_NUMBER: case ATTR_MODEL_NUMBER:
attr->model_number = pos; attr->model_number = pos;
attr->model_number_len = len; if (len > WPS_MODEL_NUMBER_MAX_LEN)
attr->model_number_len = WPS_MODEL_NUMBER_MAX_LEN;
else
attr->model_number_len = len;
break; break;
case ATTR_SERIAL_NUMBER: case ATTR_SERIAL_NUMBER:
attr->serial_number = pos; attr->serial_number = pos;
attr->serial_number_len = len; if (len > WPS_SERIAL_NUMBER_MAX_LEN)
attr->serial_number_len = WPS_SERIAL_NUMBER_MAX_LEN;
else
attr->serial_number_len = len;
break; break;
case ATTR_DEV_NAME: case ATTR_DEV_NAME:
if (len > WPS_DEV_NAME_MAX_LEN) { if (len > WPS_DEV_NAME_MAX_LEN) {

4
src/wps/wps_defs.h
View file

@ -42,6 +42,10 @@ extern int wps_corrupt_pkhash;
#define WPS_OOB_DEVICE_PASSWORD_LEN 32 #define WPS_OOB_DEVICE_PASSWORD_LEN 32
#define WPS_OOB_PUBKEY_HASH_LEN 20 #define WPS_OOB_PUBKEY_HASH_LEN 20
#define WPS_DEV_NAME_MAX_LEN 32 #define WPS_DEV_NAME_MAX_LEN 32
#define WPS_MANUFACTURER_MAX_LEN 64
#define WPS_MODEL_NAME_MAX_LEN 32
#define WPS_MODEL_NUMBER_MAX_LEN 32
#define WPS_SERIAL_NUMBER_MAX_LEN 32
/* Attribute Types */ /* Attribute Types */
enum wps_attribute { enum wps_attribute {