Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

eap-gtc: limit password length to maximum 

The password for EAP-GTC is directly used in an EAP response. The
response buffer is created on the stack so an overly large password
could cause a stack overflow.
This commit is contained in:
James Prestwood 2020-03-06 11:16:27 -08:00 committed by Denis Kenzior
parent 301d8473df
commit d40a8d1a6d
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/eap-gtc.c
View File

@ -32,6 +32,8 @@
#include "src/eap.h"
#include "src/eap-private.h"
#define EAP_GTC_MAX_PASSWORD_LEN 2048
struct eap_gtc_state {
char *password;
};
@ -148,6 +150,14 @@ static bool eap_gtc_load_settings(struct eap_state *eap,
return false;
}
/*
* Limit length to prevent a stack overflow
*/
if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
l_free(password);
return false;
}
gtc = l_new(struct eap_gtc_state, 1);
gtc->password = password;