mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00

eap-gtc: limit password length to maximum

The password for EAP-GTC is directly used in an EAP response. The
response buffer is created on the stack so an overly large password
could cause a stack overflow.
James Prestwood 2020-03-06 11:16:27 -08:00 committed by Denis Kenzior
parent 301d8473df
commit d40a8d1a6d


@ -32,6 +32,8 @@
#include "src/eap.h" #include "src/eap.h"
#include "src/eap-private.h" #include "src/eap-private.h"
#define EAP_GTC_MAX_PASSWORD_LEN 2048
struct eap_gtc_state { struct eap_gtc_state {
char *password; char *password;
}; };
@ -148,6 +150,14 @@ static bool eap_gtc_load_settings(struct eap_state *eap,
return false; return false;
} }
/*
* Limit length to prevent a stack overflow
*/
if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
l_free(password);
return false;
}
gtc = l_new(struct eap_gtc_state, 1); gtc = l_new(struct eap_gtc_state, 1);
gtc->password = password; gtc->password = password;
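Review bot: The new length check in eap_gtc_load_settings returns false without logging anything, so a profile with an over-long password is rejected with no indication of why. Assuming the file already uses ell's logging macros, an `l_error("EAP-GTC password exceeds %d bytes", EAP_GTC_MAX_PASSWORD_LEN);` before the `l_free(password);` would make that diagnosable without printing the secret itself. The limit is also enforced away from the stack buffer it protects, which is not visible in this hunk, so the comment could name that consumer, e.g. `/* Password is copied into a stack-allocated EAP response; keep its length bounded */`. The rejected secret is released with a plain `l_free` and is not wiped first, which may be worth doing if the project clears credentials elsewhere. The function body starts and ends outside the hunk.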