diff options
author | David Herrmann <dh.herrmann@gmail.com> | 2014-02-06 10:01:13 +0100 |
---|---|---|
committer | David Herrmann <dh.herrmann@gmail.com> | 2014-02-06 10:01:13 +0100 |
commit | f54cc3600811c01354a510f554f937c5bb318c95 (patch) | |
tree | 7eb47157cebc16941d9dc6d2510924f58fca14c1 | |
parent | 6cbb247f876063145c4426bdeb98e7052c2205b0 (diff) |
wpa: zero-terminate all replies
Require reply-bufs to be at least of size 2 and use the last byte as
terminating zero at all times. This makes dealing with ugly WPA requests
much simpler and safer.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-rw-r--r-- | src/wpa_ctrl.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/wpa_ctrl.c b/src/wpa_ctrl.c index cb4a62b..fa3a643 100644 --- a/src/wpa_ctrl.c +++ b/src/wpa_ctrl.c @@ -668,7 +668,7 @@ static int timed_recv(int fd, void *reply, size_t *reply_len, int64_t *timeout, /* We ignore any event messages ('<') on this * fd as they're handled via a separate pipe. * Return the received reply unchanged. */ - *reply_len = l; + *reply_len = (l > *reply_len) ? *reply_len : l; done = true; } } @@ -696,7 +696,7 @@ static int wpa_request(int fd, const void *cmd, size_t cmd_len, int64_t *t, t1 = -1, max; int r; - if (!cmd || !cmd_len || !reply || !reply_len) + if (!cmd || !cmd_len) return -EINVAL; if (fd < 0) return -ENODEV; @@ -709,6 +709,9 @@ static int wpa_request(int fd, const void *cmd, size_t cmd_len, reply = buf; if (!reply_len) reply_len = &l; + if (*reply_len < 2) + return -EINVAL; + *reply_len -= 1; /* use a maximum of 10s */ max = 10LL * 1000LL * 1000LL; @@ -724,6 +727,7 @@ static int wpa_request(int fd, const void *cmd, size_t cmd_len, r = timed_recv(fd, reply, reply_len, t, mask); if (r < 0) return r; + ((char*)reply)[*reply_len] = 0; return 0; } @@ -778,6 +782,7 @@ int wfd_wpa_ctrl_request_ok(struct wfd_wpa_ctrl *wpa, const void *cmd, if (!wpa) return -EINVAL; + r = wfd_wpa_ctrl_request(wpa, cmd, cmd_len, buf, &l, timeout); if (r < 0) return r; |