While none of the current users of msg.persistent_ssid{,_len} would have
issues with too long SSID value, it is safer to enforce bounds checking
on the SSID while parsing the attribute to avoid any potential issues in
the future.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
break;
case P2P_ATTR_PERSISTENT_GROUP:
{
- if (len < ETH_ALEN) {
+ if (len < ETH_ALEN || len > ETH_ALEN + SSID_MAX_LEN) {
wpa_printf(MSG_DEBUG,
- "P2P: Too short Persistent Group Info (length %u)",
+ "P2P: Invalid Persistent Group Info (length %u)",
len);
return -1;
}