diff options
| author | Jouni Malinen <j@w1.fi> | 2015-04-28 17:20:09 +0300 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-05-31 16:04:01 -0700 |
| commit | 87a99b617abbd3745035352bf96a3315e8b5735e (patch) | |
| tree | fda76e70a7ee2e379d99c20b3e1a59252621c9d4 /src | |
| parent | 4586abaee78a145f30f972070a38bde8828b74a5 (diff) | |
| download | android_external_wpa_supplicant_8-87a99b617abbd3745035352bf96a3315e8b5735e.tar.gz android_external_wpa_supplicant_8-87a99b617abbd3745035352bf96a3315e8b5735e.tar.bz2 android_external_wpa_supplicant_8-87a99b617abbd3745035352bf96a3315e8b5735e.zip | |
WPS: Extra validation step for HTTP reader
Verify that ncopy parameter to memcpy is not negative. While this is not
supposed to be needed, it is a good additional protection against
unknown implementation issues.
CRs-Fixed: 833592
Git-commit: af185d0b578fc447b1db0b42a03d8b2467decffd
Git-repo : git://w1.fi/srv/git/hostap.git
Signed-off-by: Jouni Malinen <j@w1.fi>
Change-Id: Ia00919c23298912f0f927fb4b4a98747fc40e0ac
Diffstat (limited to 'src')
| -rw-r--r-- | src/wps/httpread.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/wps/httpread.c b/src/wps/httpread.c index d2855e32..3570a1fd 100644 --- a/src/wps/httpread.c +++ b/src/wps/httpread.c @@ -608,6 +608,11 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx) ncopy = nread; } /* Note: should never be 0 */ + if (ncopy < 0) { + wpa_printf(MSG_DEBUG, + "httpread: Invalid ncopy=%d", ncopy); + goto bad; + } if (ncopy > nread) ncopy = nread; os_memcpy(bbp, rbp, ncopy); |