From patchwork Wed Jan 18 22:18:18 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Leffler X-Patchwork-Id: 136708 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from maxx.maxx.shmoo.com (maxx.shmoo.com [205.134.188.171]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "maxx.shmoo.com", Issuer "CA Cert Signing Authority" (not verified)) by ozlabs.org (Postfix) with ESMTPS id CFD39B6EE8 for ; Thu, 19 Jan 2012 09:30:09 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 488CB17C039; Wed, 18 Jan 2012 17:30:07 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxXejEMJZgV2; Wed, 18 Jan 2012 17:30:07 -0500 (EST) Received: from maxx.shmoo.com (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id C8A1E17C03A; Wed, 18 Jan 2012 17:30:02 -0500 (EST) X-Original-To: mailman-post+hostap@maxx.shmoo.com Delivered-To: mailman-post+hostap@maxx.shmoo.com Received: from localhost (localhost [127.0.0.1]) by maxx.maxx.shmoo.com (Postfix) with ESMTP id 9205D17C03A for ; Wed, 18 Jan 2012 17:30:01 -0500 (EST) X-Virus-Scanned: amavisd-new at maxx.shmoo.com Received: from maxx.maxx.shmoo.com ([127.0.0.1]) by localhost (maxx.shmoo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VCm1xoCcnJya for ; Wed, 18 Jan 2012 17:29:57 -0500 (EST) Received: from mail-wi0-f202.google.com (mail-wi0-f202.google.com [209.85.212.202]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (not verified)) by maxx.maxx.shmoo.com (Postfix) with ESMTPS id 92A4B17C039 for ; Wed, 18 Jan 2012 17:29:57 -0500 (EST) Received: by wibhm11 with SMTP id hm11so192036wib.5 for ; Wed, 18 Jan 2012 14:29:56 -0800 (PST) Received: by 10.213.10.131 with SMTP id p3mr55573ebp.4.1326925796197; Wed, 18 Jan 2012 14:29:56 -0800 (PST) Received: by 10.213.10.131 with SMTP id p3mr55569ebp.4.1326925796053; Wed, 18 Jan 2012 14:29:56 -0800 (PST) Received: from hpza10.eem.corp.google.com ([74.125.121.33]) by gmr-mx.google.com with ESMTPS id g43si14354824eea.0.2012.01.18.14.29.56 (version=TLSv1/SSLv3 cipher=AES128-SHA); Wed, 18 Jan 2012 14:29:56 -0800 (PST) Received: from lefflers.sfo.corp.google.com (lefflers.sfo.corp.google.com [172.31.131.125]) by hpza10.eem.corp.google.com (Postfix) with ESMTP id D72C320004E for ; Wed, 18 Jan 2012 14:29:55 -0800 (PST) Received: by lefflers.sfo.corp.google.com (Postfix, from userid 98949) id EB5EF58072; Wed, 18 Jan 2012 14:29:54 -0800 (PST) From: Sam Leffler Date: Wed, 18 Jan 2012 14:18:18 -0800 Subject: [PATCH] dbus: validate SSID length in new D-Bus scan request To: hostap@lists.shmoo.com Message-Id: <20120118222954.EB5EF58072@lefflers.sfo.corp.google.com> X-BeenThere: hostap@lists.shmoo.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: HostAP Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: hostap-bounces@lists.shmoo.com Errors-To: hostap-bounces@lists.shmoo.com Validate the length of each SSID passed in a new D-Bus protocol Scan request. Change-Id: I6c4bc44bc0ea41b80e3354af82ccd5ef64e617dc --- wpa_supplicant/dbus/dbus_new_handlers.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index e3526d4..f90c060 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -921,6 +921,16 @@ static int wpas_dbus_get_scan_ssids(DBusMessage *message, DBusMessageIter *var, dbus_message_iter_get_fixed_array(&sub_array_iter, &val, &len); + if (len > MAX_SSID_LEN) { + wpa_printf(MSG_DEBUG, + "wpas_dbus_handler_scan[dbus]: " + "SSID too long (len=%d max_len=%d)", + len, MAX_SSID_LEN); + *reply = wpas_dbus_error_invalid_args( + message, "Invalid SSID: too long"); + return -1; + } + if (len != 0) { ssid = os_malloc(len); if (ssid == NULL) {