Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix language string length validation in parse_lang_string()

The language string length needs to be validated to hit into the
three-octet lang field in struct hostapd_lang_string before copying
this. Invalid configuration entries in hostapd.conf could have resulted
in buffer overflow.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 11 years ago
parent
742e715b31
commit
04e533e249
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      hostapd/config_file.c

+ 1 - 1
hostapd/config_file.c
View File 

@@ -1299,7 +1299,7 @@ static int parse_lang_string(struct hostapd_lang_string **array,
 
 	*sep++ = '\0';
 
 
 	clen = os_strlen(pos);
 
-	if (clen < 2)
 
+	if (clen < 2 || clen > sizeof(ls->lang))
 
 		return -1;
 
 	nlen = os_strlen(sep);
 
 	if (nlen > 252)