From e149051ced781ef7b29ae47e98c6d06e4e666f68 Mon Sep 17 00:00:00 2001 From: Sriram R Date: Thu, 26 Mar 2020 08:42:19 +0530 Subject: [PATCH] hostapd: Validate the country_code parameter value cfg80211/regulatory supports only ISO 3166-1 alpha2 country code and that's what this parameter is supposed to use, so validate the country code input before accepting the value. Only characters A..Z are accepted. Signed-off-by: Sriram R --- hostapd/config_file.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 425446c24..1d8c03973 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -2463,6 +2463,13 @@ static int hostapd_config_fill(struct hostapd_config *conf, } else if (os_strcmp(buf, "skip_inactivity_poll") == 0) { bss->skip_inactivity_poll = atoi(pos); } else if (os_strcmp(buf, "country_code") == 0) { + if (pos[0] < 'A' || pos[0] > 'Z' || + pos[1] < 'A' || pos[1] > 'Z') { + wpa_printf(MSG_ERROR, + "Line %d: Invalid country_code '%s'", + line, pos); + return 1; + } os_memcpy(conf->country, pos, 2); } else if (os_strcmp(buf, "country3") == 0) { conf->country[2] = strtol(pos, NULL, 16);