mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 16:58:41 -05:00
Fix wpa_config_parse_string() to null terminate printf decoded values
printf_decode() fills in a binary buffer and returns the length of the written data. This did not use null termination since initial use cases used the output as a binary value. However, Hotspot 2.0 cred block values are also using this for parsing strings. Those cases could end up without proper null termination depending on what os_malloc() ends up getting as the memory buffer. Fix these and make printf_decode() more convenient by forcing the output buffer to be null terminated. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
04e533e249
commit
913c19c6e5
@ -400,7 +400,7 @@ size_t printf_decode(u8 *buf, size_t maxlen, const char *str)
|
|||||||
int val;
|
int val;
|
||||||
|
|
||||||
while (*pos) {
|
while (*pos) {
|
||||||
if (len == maxlen)
|
if (len + 1 >= maxlen)
|
||||||
break;
|
break;
|
||||||
switch (*pos) {
|
switch (*pos) {
|
||||||
case '\\':
|
case '\\':
|
||||||
@ -468,6 +468,8 @@ size_t printf_decode(u8 *buf, size_t maxlen, const char *str)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (maxlen > len)
|
||||||
|
buf[len] = '\0';
|
||||||
|
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user