mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
Fix wpa_config_parse_string() to null terminate printf decoded values
printf_decode() fills in a binary buffer and returns the length of the written data. This did not use null termination since initial use cases used the output as a binary value. However, Hotspot 2.0 cred block values are also using this for parsing strings. Those cases could end up without proper null termination depending on what os_malloc() ends up getting as the memory buffer. Fix these and make printf_decode() more convenient by forcing the output buffer to be null terminated. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
04e533e249
commit
913c19c6e5
@ -400,7 +400,7 @@ size_t printf_decode(u8 *buf, size_t maxlen, const char *str)
|
||||
int val;
|
||||
|
||||
while (*pos) {
|
||||
if (len == maxlen)
|
||||
if (len + 1 >= maxlen)
|
||||
break;
|
||||
switch (*pos) {
|
||||
case '\\':
|
||||
@ -468,6 +468,8 @@ size_t printf_decode(u8 *buf, size_t maxlen, const char *str)
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (maxlen > len)
|
||||
buf[len] = '\0';
|
||||
|
||||
return len;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user