aboutsummaryrefslogtreecommitdiff
path: root/wpa_supplicant/aidl/misc_utils.h
diff options
context:
space:
mode:
Diffstat (limited to 'wpa_supplicant/aidl/misc_utils.h')
-rw-r--r--wpa_supplicant/aidl/misc_utils.h22
1 files changed, 20 insertions, 2 deletions
diff --git a/wpa_supplicant/aidl/misc_utils.h b/wpa_supplicant/aidl/misc_utils.h
index 5c5b68ca..d0330e0f 100644
--- a/wpa_supplicant/aidl/misc_utils.h
+++ b/wpa_supplicant/aidl/misc_utils.h
@@ -88,6 +88,7 @@ inline std::stringstream& serializePmkCacheEntry(
ss.write((char *) pmksa_entry->pmk, pmksa_entry->pmk_len);
ss.write((char *) pmksa_entry->pmkid, PMKID_LEN);
ss.write((char *) pmksa_entry->aa, ETH_ALEN);
+ ss.write((char *) pmksa_entry->spa, ETH_ALEN);
// Omit wpa_ssid field because the network is created on connecting to a access point.
ss.write((char *) &pmksa_entry->akmp, sizeof(pmksa_entry->akmp));
ss.write((char *) &pmksa_entry->reauth_time, sizeof(pmksa_entry->reauth_time));
@@ -100,13 +101,25 @@ inline std::stringstream& serializePmkCacheEntry(
return ss;
}
-inline std::stringstream& deserializePmkCacheEntry(
+inline std::int8_t deserializePmkCacheEntry(
std::stringstream &ss, struct rsn_pmksa_cache_entry *pmksa_entry) {
ss.seekg(0);
+ if (ss.str().size() < sizeof(pmksa_entry->pmk_len)) {
+ return -1;
+ }
+
ss.read((char *) &pmksa_entry->pmk_len, sizeof(pmksa_entry->pmk_len));
+ if ((pmksa_entry->pmk_len > PMK_LEN_MAX) ||
+ (ss.str().size() < (sizeof(pmksa_entry->pmk_len) + pmksa_entry->pmk_len +
+ PMKID_LEN + ETH_ALEN + ETH_ALEN + sizeof(pmksa_entry->akmp) +
+ sizeof(pmksa_entry->reauth_time) + sizeof(pmksa_entry->expiration) +
+ sizeof(pmksa_entry->opportunistic) + 1 /* fils_cache_id_set */)))
+ return -1;
+
ss.read((char *) pmksa_entry->pmk, pmksa_entry->pmk_len);
ss.read((char *) pmksa_entry->pmkid, PMKID_LEN);
ss.read((char *) pmksa_entry->aa, ETH_ALEN);
+ ss.read((char *) pmksa_entry->spa, ETH_ALEN);
// Omit wpa_ssid field because the network is created on connecting to a access point.
ss.read((char *) &pmksa_entry->akmp, sizeof(pmksa_entry->akmp));
ss.read((char *) &pmksa_entry->reauth_time, sizeof(pmksa_entry->reauth_time));
@@ -115,8 +128,13 @@ inline std::stringstream& deserializePmkCacheEntry(
char byte = 0;
ss.read((char *) &byte, sizeof(byte));
pmksa_entry->fils_cache_id_set = (byte) ? 1 : 0;
+ if (pmksa_entry->fils_cache_id_set == 1) {
+ if((ss.str().size() - static_cast<uint32_t>(ss.tellg())) < FILS_CACHE_ID_LEN)
+ return -1;
+ }
+
ss.read((char *) pmksa_entry->fils_cache_id, FILS_CACHE_ID_LEN);
- return ss;
+ return 0;
}
} // namespace misc_utils
} // namespace supplicant
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 03:58:08 +0000