dbus: Validate SSID length in new D-Bus scan request

Validate the length of each SSID passed in a new D-Bus protocol Scan request.
author: Sam Leffler <sleffler@chromium.org> 2012-01-22 12:00:44 +0200
committer: Jouni Malinen <j@w1.fi> 2012-01-22 12:02:09 +0200
commit: f9121813d75f5d21c786eaa94f108463d64a2ace (patch)
tree: e849fe99ced8a647517a482effa9d3ba8a00c7d8 /wpa_supplicant
parent: 8017b538e70f2c27feefb8746ae1f876d2c42f37 (diff)
download: external_wpa_supplicant_8_ti-f9121813d75f5d21c786eaa94f108463d64a2ace.zip
external_wpa_supplicant_8_ti-f9121813d75f5d21c786eaa94f108463d64a2ace.tar.gz
external_wpa_supplicant_8_ti-f9121813d75f5d21c786eaa94f108463d64a2ace.tar.bz2
1 files changed, 10 insertions, 0 deletions
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index e3526d4..f90c060 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -921,6 +921,16 @@ static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var,
 
 		dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len);
 
+		if (len > MAX_SSID_LEN) {
+			wpa_printf(MSG_DEBUG,
+				   "wpas_dbus_handler_scan[dbus]: "
+				   "SSID too long (len=%d max_len=%d)",
+				   len, MAX_SSID_LEN);
+			*reply = wpas_dbus_error_invalid_args(
+				message, "Invalid SSID: too long");
+			return -1;
+		}
+
 		if (len != 0) {
 			ssid = os_malloc(len);
 			if (ssid == NULL) {
author	Sam Leffler <sleffler@chromium.org>	2012-01-22 12:00:44 +0200
committer	Jouni Malinen <j@w1.fi>	2012-01-22 12:02:09 +0200
commit	f9121813d75f5d21c786eaa94f108463d64a2ace (patch)
tree	e849fe99ced8a647517a482effa9d3ba8a00c7d8 /wpa_supplicant
parent	8017b538e70f2c27feefb8746ae1f876d2c42f37 (diff)
download	external_wpa_supplicant_8_ti-f9121813d75f5d21c786eaa94f108463d64a2ace.zip external_wpa_supplicant_8_ti-f9121813d75f5d21c786eaa94f108463d64a2ace.tar.gz external_wpa_supplicant_8_ti-f9121813d75f5d21c786eaa94f108463d64a2ace.tar.bz2