
P2PS: Verify service name length in P2P_FIND command

p2ps_gen_hash() has a limit on service names based on the temporary
buffer from stack. Verify that the service name from the local P2P_FIND
command is short enough to fit into that buffer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 9 years ago
parent
commit
f33a31b06c
1 changed files with 2 additions and 0 deletions

+ 2 - 0
src/p2p/p2p.c

@@ -1139,6 +1139,8 @@ static int p2ps_gen_hash(struct p2p_data *p2p, const char *str, u8 *hash)
 
 	adv_array = (u8 *) str_buf;
 	adv_len = os_strlen(str);
+	if (adv_len >= sizeof(str_buf))
+		return 0;
 
 	for (i = 0; str[i] && i < adv_len; i++) {
 		if (str[i] >= 'A' && str[i] <= 'Z')
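Review bot: The new early exit `if (adv_len >= sizeof(str_buf)) return 0;` rejects an over-long service name silently and leaves `hash` unwritten, so please confirm that every caller of p2ps_gen_hash() treats a 0 return as failure and never reads `hash` on that path. A p2p_dbg() line before the return would make a rejected P2P_FIND diagnosable from the debug log. It would also help to add a short comment saying why the comparison is `>=` rather than `>` (one byte of `str_buf` is kept free), since the code that needs that byte is not visible next to the check. Minor: with the length now bounded, the `str[i] &&` test in the loop condition is redundant with `i < adv_len`, which comes from os_strlen(str).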