WPS: Extra validation step for HTTP reader

Verify that ncopy parameter to memcpy is not negative. While this is not supposed to be needed, it is a good additional protection against unknown implementation issues. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-28 17:20:09 +03:00 · 2015-04-28 17:20:09 +03:00 · af185d0b57
commit af185d0b57
parent 5acd23f458
1 changed files with 5 additions and 0 deletions
--- a/src/wps/httpread.c
+++ b/src/wps/httpread.c
@ -608,6 +608,11 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
 				ncopy = nread;
 			}
 			/* Note: should never be 0 */
+			if (ncopy < 0) {
+				wpa_printf(MSG_DEBUG,
+					   "httpread: Invalid ncopy=%d", ncopy);
+				goto bad;
+			}
 			if (ncopy > nread)
 				ncopy = nread;
 			os_memcpy(bbp, rbp, ncopy);