nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length

If the kernel rtm_newlink or rtm_dellink send the maximum length of
ifname (IFNAMSIZ), the event handlers in
wpa_driver_nl80211_event_rtm_addlink() and
wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
NULL termination, that equals the IFNAMSIZ.

Fix the condition when IFNAME reach maximum size.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>
This commit is contained in:
Ouden 2020-03-18 17:58:37 +08:00 committed by Jouni Malinen
parent 22547c3148
commit 7546c489a9

View File

@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
while (RTA_OK(attr, attrlen)) { while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) { switch (attr->rta_type) {
case IFLA_IFNAME: case IFLA_IFNAME:
if (RTA_PAYLOAD(attr) >= IFNAMSIZ) if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break; break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0'; ifname[RTA_PAYLOAD(attr)] = '\0';
@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
while (RTA_OK(attr, attrlen)) { while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) { switch (attr->rta_type) {
case IFLA_IFNAME: case IFLA_IFNAME:
if (RTA_PAYLOAD(attr) >= IFNAMSIZ) if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break; break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0'; ifname[RTA_PAYLOAD(attr)] = '\0';