[PATCH 10/23] P2PS: Add validation for P2PS PD request
Peer, Ilan
ilan.peer
Tue Oct 6 11:56:41 PDT 2015
> -----Original Message-----
> From: Jouni Malinen [mailto:j at w1.fi]
> Sent: Monday, October 05, 2015 19:40
> To: Peer, Ilan
> Cc: hostap at lists.shmoo.com
> Subject: Re: [PATCH 10/23] P2PS: Add validation for P2PS PD request
>
> On Thu, Sep 24, 2015 at 08:38:00PM +0300, Ilan Peer wrote:
> > Validate that all the required attributes appear in a P2PS PD request,
> > and in addition in case of follow-on PD request, check that the given
> > values match those of the original PD request.
>
> This seems to be losing couple of checks and potentially allowing DoS attacks
> due to NULL pointer dereferences..
>
>
> > +static int p2ps_validate_pd_req(struct p2p_data *p2p,
>
> > + P2PS_PD_REQ_CHECK(1, adv_id);
> > + P2PS_PD_REQ_CHECK(1, session_id);
> > + P2PS_PD_REQ_CHECK(1, capability);
> > + P2PS_PD_REQ_CHECK(1, p2p_device_info);
> > + P2PS_PD_REQ_CHECK(1, feature_cap);
>
> session_mac and adv_mac missing here..
These are unconditionally set when session_id and adv_mac are set in p2p_parse_attribute(), so I assumed it is ok to skip these checks.
Regards,
Ilan.
More information about the Hostap
mailing list