[PATCH v2 3/3] eap-gtc: limit password length to maximum

The password for EAP-GTC is directly used in an EAP response. The response buffer is created on the stack so an overly large password could cause a stack overflow. --- src/eap-gtc.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/eap-gtc.c b/src/eap-gtc.c index 7788d44c..19447b0f 100644 --- a/src/eap-gtc.c +++ b/src/eap-gtc.c @@ -31,6 +31,7 @@ #include "src/missing.h" #include "src/eap.h" #include "src/eap-private.h" +#include "src/iwd.h" struct eap_gtc_state { char *password; @@ -148,6 +149,14 @@ static bool eap_gtc_load_settings(struct eap_state *eap, return false; } + /* + * Limit length to prevent a stack overflow + */ + if (strlen(password) > IWD_MAX_PASSWORD_LEN) { + l_free(password); + return false; + } + gtc = l_new(struct eap_gtc_state, 1); gtc->password = password; -- 2.17.1