jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Limit freq_range_list_parse() result to UINT_MAX entries 

This addresses a theoretical integer overflow with configuration
parameters with 16-bit int.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-03-22 18:37:40 +02:00
parent 2f06008564
commit 749add5c64
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/utils/common.c
View File

@ -791,6 +791,10 @@ int freq_range_list_parse(struct wpa_freq_range_list *res, const char *value)
*/
pos = value;
while (pos && pos[0]) {
if (count == UINT_MAX) {
os_free(freq);
return -1;
}
n = os_realloc_array(freq, count + 1,
sizeof(struct wpa_freq_range));
if (n == NULL) {