mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
eap-gtc: limit password length to maximum
The password for EAP-GTC is directly used in an EAP response. The response buffer is created on the stack so an overly large password could cause a stack overflow.
This commit is contained in:
parent
301d8473df
commit
d40a8d1a6d
@ -32,6 +32,8 @@
|
||||
#include "src/eap.h"
|
||||
#include "src/eap-private.h"
|
||||
|
||||
#define EAP_GTC_MAX_PASSWORD_LEN 2048
|
||||
|
||||
struct eap_gtc_state {
|
||||
char *password;
|
||||
};
|
||||
@ -148,6 +150,14 @@ static bool eap_gtc_load_settings(struct eap_state *eap,
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
* Limit length to prevent a stack overflow
|
||||
*/
|
||||
if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
|
||||
l_free(password);
|
||||
return false;
|
||||
}
|
||||
|
||||
gtc = l_new(struct eap_gtc_state, 1);
|
||||
gtc->password = password;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user