d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net80211: proper ssid length check in setmlme_assoc_adhoc()

Browse Source 
A user supplied SSID length is used without proper checks in
setmlme_assoc_adhoc() which can lead to copies beyond the end
of the user supplied buffer.
The ssid is a fixed size array for the ioctl and the argument
to setmlme_assoc_adhoc().
In addition to an ssid_len check of 0 also error in case the
ssid_len is larger than the size of the ssid array to prevent
problems.

PR:		254737
Reported by:	Tommaso (cutesmilee.research protonmail.com)
MFC after:	3 days
Reviewed by:	emaste, adrian
Differential Revision: https://reviews.freebsd.org/D32341
This commit is contained in:
Bjoern A. Zeeb 2021-10-06 18:41:37 +00:00
parent bd19202c92
commit 526370fb85
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/net80211/ieee80211_ioctl.c
View File

@ -1591,7 +1591,7 @@ setmlme_assoc_adhoc(struct ieee80211vap *vap,
("expected opmode IBSS or AHDEMO not %s",
ieee80211_opmode_name[vap->iv_opmode]));
if (ssid_len == 0)
if (ssid_len == 0 || ssid_len > sizeof(ssid))
return EINVAL;
sr = IEEE80211_MALLOC(sizeof(*sr), M_TEMP,