From f9121813d75f5d21c786eaa94f108463d64a2ace Mon Sep 17 00:00:00 2001 From: Sam Leffler Date: Sun, 22 Jan 2012 12:00:44 +0200 Subject: [PATCH] dbus: Validate SSID length in new D-Bus scan request Validate the length of each SSID passed in a new D-Bus protocol Scan request. --- wpa_supplicant/dbus/dbus_new_handlers.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index e3526d460..f90c060fd 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -921,6 +921,16 @@ static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var, dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len); + if (len > MAX_SSID_LEN) { + wpa_printf(MSG_DEBUG, + "wpas_dbus_handler_scan[dbus]: " + "SSID too long (len=%d max_len=%d)", + len, MAX_SSID_LEN); + *reply = wpas_dbus_error_invalid_args( + message, "Invalid SSID: too long"); + return -1; + } + if (len != 0) { ssid = os_malloc(len); if (ssid == NULL) {