P2PS: Verify service name length in P2P_FIND command

p2ps_gen_hash() has a limit on service names based on the temporary buffer from stack. Verify that the service name from the local P2P_FIND command is short enough to fix into that buffer. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-18 17:04:16 +03:00 · 2015-06-18 17:04:16 +03:00 · f33a31b06c
parent 129b621653
commit f33a31b06c
1 changed files with 2 additions and 0 deletions
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@ -1139,6 +1139,8 @@ static int p2ps_gen_hash(struct p2p_data *p2p, const char *str, u8 *hash)

 	adv_array = (u8 *) str_buf;
 	adv_len = os_strlen(str);
+	if (adv_len >= sizeof(str_buf))
+		return 0;

 	for (i = 0; str[i] && i < adv_len; i++) {
 		if (str[i] >= 'A' && str[i] <= 'Z')