nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length
If the kernel rtm_newlink or rtm_dellink message sends an ifname of the maximum length (IFNAMSIZ), the event handlers in wpa_driver_nl80211_event_rtm_addlink() and wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME value. The RTA_PAYLOAD(IFLA_IFNAME) length already includes the NUL termination, so for a maximum-length name it equals IFNAMSIZ. Fix the condition so that an IFNAME that reaches the maximum size is still copied. Signed-off-by: Ouden <Ouden.Biz@gmail.com>
parent
22547c3148
commit
7546c489a9
@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
|
|||||||
while (RTA_OK(attr, attrlen)) {
|
while (RTA_OK(attr, attrlen)) {
|
||||||
switch (attr->rta_type) {
|
switch (attr->rta_type) {
|
||||||
case IFLA_IFNAME:
|
case IFLA_IFNAME:
|
||||||
if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
|
if (RTA_PAYLOAD(attr) > IFNAMSIZ)
|
||||||
break;
|
break;
|
||||||
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
|
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
|
||||||
ifname[RTA_PAYLOAD(attr)] = '\0';
|
ifname[RTA_PAYLOAD(attr)] = '\0';
|
||||||
@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
|
|||||||
while (RTA_OK(attr, attrlen)) {
|
while (RTA_OK(attr, attrlen)) {
|
||||||
switch (attr->rta_type) {
|
switch (attr->rta_type) {
|
||||||
case IFLA_IFNAME:
|
case IFLA_IFNAME:
|
||||||
if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
|
if (RTA_PAYLOAD(attr) > IFNAMSIZ)
|
||||||
break;
|
break;
|
||||||
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
|
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
|
||||||
ifname[RTA_PAYLOAD(attr)] = '\0';
|
ifname[RTA_PAYLOAD(attr)] = '\0';
|
||||||
|
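Review bot: With the check relaxed to `RTA_PAYLOAD(attr) > IFNAMSIZ`, both the rtm_newlink and the rtm_dellink handler can now copy IFNAMSIZ bytes and then store the terminator at `ifname[IFNAMSIZ]`, which is in bounds only if `ifname` holds at least IFNAMSIZ + 1 bytes. The declaration of `ifname` lies outside the visible lines of both hunks, so that size should be confirmed before relying on the new bound. If `ifname` is a local array, writing the guard as `if (RTA_PAYLOAD(attr) >= sizeof(ifname))` ties the limit to the buffer itself and stays correct if the declaration changes. The explicit `ifname[RTA_PAYLOAD(attr)] = '\0'` is worth keeping, since the attribute payload comes from a netlink message and is not guaranteed to be terminated. A short comment such as `/* payload may be IFNAMSIZ (name + NUL); ifname must be IFNAMSIZ + 1 */` above the check would record why `>` rather than `>=` is used.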