There was a vulnerability in the WPS_NFC option, which is off by default. The port is being bumped anyway since people using that option will want the latest version. PR: 201432 Submitted by: Jason Unovitch
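--- src/wps/ndef.c.orig 2015-03-15 17:30:39 UTC
+++ src/wps/ndef.c
@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *d
 if (size < 6)
 return -1;
 record->payload_length = ntohl(*(u32 *)pos);
+ if (record->payload_length > size - 6)
+ return -1;
 pos += sizeof(u32);
 }
 
@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *d
 pos += record->payload_length;
 
 record->total_length = pos - data;
- if (record->total_length > size)
+ if (record->total_length > size ||
+ record->total_length < record->payload_length)
 return -1;
 return 0;
 }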
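Review bot: In the second hunk the range test still runs only after `pos += record->payload_length;`, so `pos` has already been moved by a length read from the record before `total_length` is compared with `size`, and the added `total_length < payload_length` clause detects a wrapped result after the fact instead of preventing it. The first hunk's `payload_length > size - 6` guard covers the fixed header only, not whatever is consumed in the unshown lines between the two hunks, so the advance can presumably still step past the end of the buffer, which is undefined behaviour for pointer arithmetic. Consider bounding the payload against the bytes actually left, immediately before the advance: `if (record->payload_length > size - (pos - data)) return -1;` (with a preceding check that `pos - data` does not exceed `size`; the type of `size` is not visible here). Separately, the context line `ntohl(*(u32 *)pos)` dereferences a cast `u8` pointer and may fault on strict-alignment targets; a byte-wise big-endian read avoids that. `ndef_parse_record` begins outside the hunks.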