From 51f785fabe6bea35b229b16f4c570dcd059045d2 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Wed, 10 Aug 2022 12:08:40 +0530 Subject: [PATCH] wpa_supplicant: Add WPS ssid length validation --- components/wpa_supplicant/esp_supplicant/src/esp_wps.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c index d70717ac41..e12f76dbae 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wps.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wps.c @@ -397,6 +397,7 @@ wps_parse_scan_result(struct wps_scan_ie *scan) for (count = 0; count < WPS_MAX_DIS_AP_NUM; count++) { if (os_memcmp(sm->dis_ap_list[count].bssid, scan->bssid, ETH_ALEN) == 0) { wpa_printf(MSG_INFO, "discard ap bssid "MACSTR, MAC2STR(scan->bssid)); + wpabuf_free(buf); return false; } } @@ -404,6 +405,9 @@ wps_parse_scan_result(struct wps_scan_ie *scan) if (ap_found || sm->ignore_sel_reg) { wpabuf_free(buf); + if (scan->ssid[1] > SSID_MAX_LEN) { + return false; + } esp_wifi_enable_sta_privacy_internal(); os_memset(sm->ssid[0], 0, SSID_MAX_LEN); os_memcpy(sm->ssid[0], (char *)&scan->ssid[2], (int)scan->ssid[1]);