diff mbox series

[5/5] p2putil: check length of client info description

Message ID 20240229170734.1498918-5-prestwoj@gmail.com (mailing list archive)
State Accepted, archived
Headers show
Series [1/5] auto-t: end process_io on HUP signal, detect process crash | expand

Checks

Context Check Description
tedd_an/pre-ci_am success Success
prestwoj/iwd-ci-gitlint success GitLint

Commit Message

James Prestwood Feb. 29, 2024, 5:07 p.m. UTC 
A length check was missing which could cause a out of bounds read.

Co-authored-by: Alex Radocea <alex@supernetworks.org>
---
 src/p2putil.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/src/p2putil.c b/src/p2putil.c
index c90810e5..d1f114d0 100644
--- a/src/p2putil.c
+++ b/src/p2putil.c
@@ -376,6 +376,9 @@  static bool extract_p2p_group_info(const uint8_t *attr, size_t len,
 		desc = l_new(struct p2p_client_info_descriptor, 1);
 		l_queue_push_tail(*out, desc);
 
+		if (desc_len < 24)
+			goto error;
+
 		memcpy(desc->device_addr, attr + 0, 6);
 		memcpy(desc->interface_addr, attr + 6, 6);
 		desc->device_caps = attr[12];