[Security bug fix] Added peer address check
Added peer address size check in get capability
and get ssid functions, to avoid
crash or information leak in wpa_supplicant
Bug: 262235935
Test: Build successfully
Change-Id: I9aaa3a4b7a25a638f344a3d5f5ac7be42a3c03d1
diff --git a/wpa_supplicant/aidl/p2p_iface.cpp b/wpa_supplicant/aidl/p2p_iface.cpp
index b19895b..45dbaec 100644
--- a/wpa_supplicant/aidl/p2p_iface.cpp
+++ b/wpa_supplicant/aidl/p2p_iface.cpp
@@ -1489,6 +1489,10 @@
const std::vector<uint8_t>& peer_address)
{
struct wpa_supplicant* wpa_s = retrieveIfacePtr();
+ if (peer_address.size() != ETH_ALEN) {
+ return {std::vector<uint8_t>(),
+ createStatus(SupplicantStatusCode::FAILURE_UNKNOWN)};
+ }
const struct p2p_peer_info* info =
p2p_get_peer_info(wpa_s->global->p2p, peer_address.data(), 0);
if (!info) {
@@ -1511,6 +1515,10 @@
const std::vector<uint8_t>& peer_address)
{
struct wpa_supplicant* wpa_s = retrieveIfacePtr();
+ if (peer_address.size() != ETH_ALEN) {
+ return {static_cast<P2pGroupCapabilityMask>(0),
+ createStatus(SupplicantStatusCode::FAILURE_UNKNOWN)};
+ }
const struct p2p_peer_info* info =
p2p_get_peer_info(wpa_s->global->p2p, peer_address.data(), 0);
if (!info) {