diff options
| -rw-r--r-- | src/wps/httpread.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/wps/httpread.c b/src/wps/httpread.c index ad4f4a1d..c40ca7a4 100644 --- a/src/wps/httpread.c +++ b/src/wps/httpread.c @@ -554,6 +554,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx) if (!isxdigit(*cbp)) goto bad; h->chunk_size = strtoul(cbp, NULL, 16); + if (h->chunk_size < 0 || + h->chunk_size > h->max_bytes) { + wpa_printf(MSG_DEBUG, + "httpread: Invalid chunk size %d", + h->chunk_size); + goto bad; + } /* throw away chunk header * so we have only real data */ |