From: Cheoleun Moon <chleun.moon@samsung.com>
Date: Thu, 2 Apr 2020 10:21:24 +0000 (+0900)
Subject: Check the length of output parameter
X-Git-Tag: submit/tizen/20200403.050222~2^2^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e2e5b9924ee6a8c83df8247fc9f47aab63a5fd92;p=platform%2Fcore%2Fapi%2Fwifi-aware.git

Check the length of output parameter
---

diff --git a/src/wifi-aware-private.c b/src/wifi-aware-private.c
index fcc5506..67af6a5 100644
--- a/src/wifi-aware-private.c
+++ b/src/wifi-aware-private.c
@@ -1065,6 +1065,11 @@ static void __service_discovered_cb(GDBusConnection *connection,
 			&sub_id, &peer_id, peer_mac,
 			specific_info, &specific_info_len);
 
+	if (specific_info_len > WIFI_AWARE_MAX_SERVICE_SPECIFIC_INFO_LEN) {
+		WIFI_AWARE_LOGE("Too long service specific info");
+		return;
+	}
+
 	uint16_t session_pub_sub_id = _wifi_aware_session_get_pub_sub_id(session);
 	if (sub_id == 0 || session_pub_sub_id != sub_id) {
 		WIFI_AWARE_LOGE("Invalid subscribe ID (%u:%u)", session_pub_sub_id, sub_id);
@@ -1099,6 +1104,10 @@ static void __message_received_cb(GDBusConnection *connection,
 
 	__parsing_message_received_event(parameters, &peer_id, peer_mac,
 			message, &message_len);
+	if (message_len > WIFI_AWARE_MAX_SERVICE_SPECIFIC_INFO_LEN) {
+		WIFI_AWARE_LOGE("Too long message %u", message_len);
+		return;
+	}
 
 	WIFI_AWARE_LOGD("Peer ID: %u", peer_id);
 	if (__get_peer_handle(peer_id, &peer) != WIFI_AWARE_ERROR_NONE) {