jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Limit freq_range_list_parse() result to UINT_MAX entries

Browse source 
This addresses a theoretical integer overflow with configuration
parameters with 16-bit int.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-03-22 18:37:40 +02:00
parent 2f06008564
commit 749add5c64
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/utils/common.c
View file

@ -791,6 +791,10 @@ int freq_range_list_parse(struct wpa_freq_range_list *res, const char *value)
*/ */
pos = value; pos = value;
while (pos && pos[0]) { while (pos && pos[0]) {
if (count == UINT_MAX) {
os_free(freq);
return -1;
}
n = os_realloc_array(freq, count + 1, n = os_realloc_array(freq, count + 1,
sizeof(struct wpa_freq_range)); sizeof(struct wpa_freq_range));
if (n == NULL) { if (n == NULL) {