
Ignore too long SSID element value in parser

The SSID element is defined to have a valid length range of 0-32. While
this length was supposed to be validated by the users of the element
parser, there are not really any valid cases where the maximum length of
32 octet SSID would be exceeded and as such, the parser itself can
enforce the limit as an additional protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
commit
05e46a944a
2 changed files with 8 additions and 0 deletions
  1. 6 0
      src/common/ieee802_11_common.c
  2. 2 0
      src/common/ieee802_11_defs.h

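--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -196,6 +196,12 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
 
 		switch (id) {
 		case WLAN_EID_SSID:
+			if (elen > SSID_MAX_LEN) {
+				wpa_printf(MSG_DEBUG,
+					   "Ignored too long SSID element (elen=%u)",
+					   elen);
+				break;
+			}
 			elems->ssid = pos;
 			elems->ssid_len = elen;
 			break;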
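Review bot: The new `elen > SSID_MAX_LEN` branch under `case WLAN_EID_SSID:` drops the element with only a `MSG_DEBUG` message and a `break`, so `elems->ssid` and `elems->ssid_len` are left untouched and a caller cannot tell a rejected over-long SSID from a frame that carried no SSID element. If any caller treats a missing SSID as a wildcard or hidden SSID (not visible in this hunk), that path is worth confirming. The caller-side length checks mentioned in the commit message should stay, since this check is described only as additional protection. I would record the intent above the check, e.g. `/* Over-long SSID is handled as if the element were absent; elems->ssid is left untouched */`. The body of ieee802_11_parse_elems starts and ends outside the hunk, so how `elems` is initialised is inferred.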

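--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1354,4 +1354,6 @@ struct rrm_link_measurement_report {
 	u8 variable[0];
 } STRUCT_PACKED;
 
+#define SSID_MAX_LEN 32
+
 #endif /* IEEE802_11_DEFS_H */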
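Review bot: `SSID_MAX_LEN` is added without a comment at the very end of the header, directly after `struct rrm_link_measurement_report`, where it is easy to overlook. A one-line comment stating what the limit is would help, e.g. `/* Maximum SSID element length in octets (valid range 0-32) */`. Since the parser now relies on this value as its bound, any SSID buffer or length check elsewhere that uses a literal 32 would ideally use the macro too, so the two cannot drift; those sites are not visible here.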