eap-gtc: limit password length to maximum
The password for EAP-GTC is directly used in an EAP response. The response buffer is created on the stack so an overly large password could cause a stack overflow.
parent
301d8473df
commit
d40a8d1a6d
@ -32,6 +32,8 @@
|
|||||||
#include "src/eap.h"
|
#include "src/eap.h"
|
||||||
#include "src/eap-private.h"
|
#include "src/eap-private.h"
|
||||||
|
|
||||||
|
#define EAP_GTC_MAX_PASSWORD_LEN 2048
|
||||||
|
|
||||||
struct eap_gtc_state {
|
struct eap_gtc_state {
|
||||||
char *password;
|
char *password;
|
||||||
};
|
};
|
||||||
@ -148,6 +150,14 @@ static bool eap_gtc_load_settings(struct eap_state *eap,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Limit length to prevent a stack overflow
|
||||||
|
*/
|
||||||
|
if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
|
||||||
|
l_free(password);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
gtc = l_new(struct eap_gtc_state, 1);
|
gtc = l_new(struct eap_gtc_state, 1);
|
||||||
gtc->password = password;
|
gtc->password = password;
|
||||||
|
|
||||||
|
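Review bot: The new rejection branch in eap_gtc_load_settings releases the over-long password with plain `l_free(password)`, so the secret's bytes remain in freed heap memory, and it returns false without any diagnostic telling the user why the profile was refused. Wiping first, with `explicit_bzero(password, strlen(password));` ahead of the `l_free`, and logging the limit (never the password itself) would cover both. The comment above the check also does not say which stack buffer the 2048-byte bound protects. The response-building code is not visible in this section, so a short note beside `EAP_GTC_MAX_PASSWORD_LEN` naming that buffer and its fixed overhead would presumably keep the two from drifting apart. eap_gtc_load_settings begins and ends outside the hunk.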