author | James Prestwood <prestwoj@gmail.com> | 2020-03-06 11:16:27 -0800 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2020-03-06 13:08:05 -0600 |
commit | d40a8d1a6d942e1b14dc7d30267a467644ae4ff9 (patch) | |
tree | 44eef443dc54f533afc03c4a7e03eb5b7851025d | |
parent | 301d8473dfbc994af293a000d1ddf10fba6f4d28 (diff) | |
eap-gtc: limit password length to maximum
The password for EAP-GTC is directly used in an EAP response. The
response buffer is created on the stack so an overly large password
could cause a stack overflow.
-rw-r--r-- | src/eap-gtc.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/eap-gtc.c b/src/eap-gtc.c
index 7788d44c1..f895ec615 100644
--- a/src/eap-gtc.c
+++ b/src/eap-gtc.c
@@ -32,6 +32,8 @@
 #include "src/eap.h"
 #include "src/eap-private.h"
+#define EAP_GTC_MAX_PASSWORD_LEN 2048
+
 struct eap_gtc_state {
 char *password;
 };
@@ -148,6 +150,14 @@ static bool eap_gtc_load_settings(struct eap_state *eap,
 return false;
 }
+ /*
+ * Limit length to prevent a stack overflow
+ */
+ if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
+ l_free(password);
+ return false;
+ }
+
 gtc = l_new(struct eap_gtc_state, 1);
 gtc->password = password; |
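Review bot: `EAP_GTC_MAX_PASSWORD_LEN` is defined with no comment saying what the 2048 bound protects or how it relates to the stack response buffer described in the commit message. I would add something like `/* Longest GTC password accepted from settings; the EAP response that carries it is built in a stack buffer */` above the define. The buffer declaration is not part of this diff, so it cannot be confirmed from here that its size is tied to this limit; if it is sized separately, deriving it from the same macro would keep the two from drifting apart.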
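Review bot: The new rejection branch calls `l_free(password);` without wiping the buffer first, so the rejected plaintext secret remains in freed heap memory. Clearing it before release, e.g. `explicit_bzero(password, strlen(password));` ahead of the `l_free()`, would avoid that. The branch also returns false silently; a log line naming the limit (never the password itself) would tell the administrator why the network configuration was refused. The body of eap_gtc_load_settings starts and ends outside this hunk, so whether the other error paths wipe or log cannot be seen here.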