Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

wsc: Don't use wsc_pin_is_checksum_valid on 4 digit PINs 

wsc_pin_is_valid allows two types of PINs through:
  1. 4 digit numeric PIN
  2. 8 digit numeric PIN

The current code always calls wsc_pin_is_checksum_valid to determine
whether a DEFAULT or USER_SPECIFIED PIN is used.  However, this function
is not safe to call on 4 digit PINs and causes a buffer overflow.

Add simple checks to treat 4 digit PINs as DEFAULT PINs and do not call
wsc_pin_is_checksum_valid on these.

Reported-By: Matthias Gerstner <matthias.gerstner@suse.de>
This commit is contained in:
Denis Kenzior 2018-09-24 11:57:56 -05:00
parent cc37018426
commit 3ca1aeb917
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/wsc.c
View File

@ -444,7 +444,7 @@ static void wsc_connect(struct wsc *wsc)
if (l_dbus_message_get_arguments(wsc->pending, "s", &pin)) {
enum wsc_device_password_id dpid;
if (wsc_pin_is_checksum_valid(pin))
if (strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin))
dpid = WSC_DEVICE_PASSWORD_ID_DEFAULT;
else
dpid = WSC_DEVICE_PASSWORD_ID_USER_SPECIFIED;
@ -958,7 +958,7 @@ static struct l_dbus_message *wsc_start_pin(struct l_dbus *dbus,
if (!wsc_pin_is_valid(pin))
return dbus_error_invalid_format(message);
if (wsc_pin_is_checksum_valid(pin))
if (strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin))
dpid = WSC_DEVICE_PASSWORD_ID_DEFAULT;
else
dpid = WSC_DEVICE_PASSWORD_ID_USER_SPECIFIED;