mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-28 12:12:32 +01:00
wsc: Don't use wsc_pin_is_checksum_valid on 4 digit PINs
wsc_pin_is_valid allows two types of PINs through: 1. 4 digit numeric PIN 2. 8 digit numeric PIN The current code always calls wsc_pin_is_checksum_valid to determine whether a DEFAULT or USER_SPECIFIED PIN is used. However, this function is not safe to call on 4 digit PINs and causes a buffer overflow. Add simple checks to treat 4 digit PINs as DEFAULT PINs and do not call wsc_pin_is_checksum_valid on these. Reported-By: Matthias Gerstner <matthias.gerstner@suse.de>
This commit is contained in:
parent
cc37018426
commit
3ca1aeb917
@ -444,7 +444,7 @@ static void wsc_connect(struct wsc *wsc)
|
||||
if (l_dbus_message_get_arguments(wsc->pending, "s", &pin)) {
|
||||
enum wsc_device_password_id dpid;
|
||||
|
||||
if (wsc_pin_is_checksum_valid(pin))
|
||||
if (strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin))
|
||||
dpid = WSC_DEVICE_PASSWORD_ID_DEFAULT;
|
||||
else
|
||||
dpid = WSC_DEVICE_PASSWORD_ID_USER_SPECIFIED;
|
||||
@ -958,7 +958,7 @@ static struct l_dbus_message *wsc_start_pin(struct l_dbus *dbus,
|
||||
if (!wsc_pin_is_valid(pin))
|
||||
return dbus_error_invalid_format(message);
|
||||
|
||||
if (wsc_pin_is_checksum_valid(pin))
|
||||
if (strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin))
|
||||
dpid = WSC_DEVICE_PASSWORD_ID_DEFAULT;
|
||||
else
|
||||
dpid = WSC_DEVICE_PASSWORD_ID_USER_SPECIFIED;
|
||||
|
Loading…
Reference in New Issue
Block a user