[PATCH 10/23] P2PS: Add validation for P2PS PD request

Peer, Ilan ilan.peer
Tue Oct 6 11:56:41 PDT 2015


> -----Original Message-----
> From: Jouni Malinen [mailto:j at w1.fi]
> Sent: Monday, October 05, 2015 19:40
> To: Peer, Ilan
> Cc: hostap at lists.shmoo.com
> Subject: Re: [PATCH 10/23] P2PS: Add validation for P2PS PD request
> 
> On Thu, Sep 24, 2015 at 08:38:00PM +0300, Ilan Peer wrote:
> > Validate that all the required attributes appear in a P2PS PD request,
> > and in addition in case of follow-on PD request, check that the given
> > values match those of the original PD request.
> 
> This seems to be losing couple of checks and potentially allowing DoS attacks
> due to NULL pointer dereferences..
> 
> 
> > +static int p2ps_validate_pd_req(struct p2p_data *p2p,
> 
> > +	P2PS_PD_REQ_CHECK(1, adv_id);
> > +	P2PS_PD_REQ_CHECK(1, session_id);
> > +	P2PS_PD_REQ_CHECK(1, capability);
> > +	P2PS_PD_REQ_CHECK(1, p2p_device_info);
> > +	P2PS_PD_REQ_CHECK(1, feature_cap);
> 
> session_mac and adv_mac missing here..

These are unconditionally set when session_id and adv_mac are set in p2p_parse_attribute(), so I assumed it is ok to skip these checks.

Regards,

Ilan.



More information about the Hostap mailing list