[PATCH 2/3] hs20-osu-client: Check length of language code
Jouni Malinen
j at w1.fi
Sun Jun 19 12:24:54 PDT 2016
On Tue, Jun 14, 2016 at 12:49:44PM +0000, Cedric Izoard wrote:
> Compute the actual language code length and don't assume
> it is 3 characters long
Would you happen to have an example where this is needed and the current
implementation not handling a two character language code?
> diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
> @@ -2794,18 +2794,20 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
> + int lang_len = os_strlen(ctx->friendly_name[j].lang);
> +
> for (i = 0; i < cert->num_othername; i++) {
> if (os_strcmp(cert->othername[i].oid,
> "1.3.6.1.4.1.40808.1.1.1") != 0)
> continue;
> - if (cert->othername[i].len < 3)
> + if (cert->othername[i].len < lang_len)
> continue;
This does not look correct. id-wfa-hotspot-friendlyName is defined in a
way that it shall start with a three octet field containing the country
code. If this is a two octet country code, there would still need to be
three octets with the last one being 0x00.
> if (os_strncasecmp((char *) cert->othername[i].data,
> - ctx->friendly_name[j].lang, 3) != 0)
> + ctx->friendly_name[j].lang, lang_len) != 0)
This would not catch a case where ctx->friendly_name[j].lang is a two
octet value and cert->othername[i].data has a three octet country code.
Such a case should not allow to be continued.. os_strncasecmp with fixed
length 3 does check for that as well.
> - if (os_strncmp((char *) cert->othername[i].data + 3,
> + if (os_strncmp((char *) cert->othername[i].data + lang_len,
> ctx->friendly_name[j].text,
> - cert->othername[i].len - 3) == 0) {
> + cert->othername[i].len - lang_len) == 0) {
This is not correct either since cert->othername[i].data (i.e.,
id-wfa-hotspot-friendlyName) starts with a fixed length three octet
country code field.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list