From cbafc8ef4b01b92e97a9a1e2829a0197ee805c73 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 5 May 2020 00:18:29 +0300
Subject: [PATCH] Fix truncated control interface command detection

The recvfrom() calls were supposed to use the full allocated buffer size (max+1) to match the res > max check.

Fixes: 96b6dd21a022 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen
---
 wpa_supplicant/ctrl_iface_unix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 35a38c95f..953fd2ccf 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -142,7 +142,7 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
 if (!buf)
 return;
- res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
+ res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
 (struct sockaddr *) &from, &fromlen);
 if (res < 0) {
 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
@@ -1066,7 +1066,7 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
 buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
 if (!buf)
 return;
- res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
+ res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
 (struct sockaddr *) &from, &fromlen);
 if (res < 0) {
 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
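Review bot: The allocation size and the receive length are still two separate `CTRL_IFACE_MAX_LEN + 1` expressions in wpa_supplicant_ctrl_iface_receive(), and again in wpa_supplicant_global_ctrl_iface_receive() in the second hunk, so nothing stops them drifting apart again the way the commit named in the Fixes tag let them. A comment above each recvfrom() such as `/* read one byte past the maximum so an oversized command is seen as res > CTRL_IFACE_MAX_LEN instead of being silently truncated and processed */`, or one local holding the buffer size and used for both the os_malloc() and the recvfrom(), would tie the two together. With the read length now max+1, the `res > max` check the commit message refers to is also what keeps any later indexing of buf by res inside the allocation; that code lies outside both hunks, so it is worth confirming the check runs before buf is terminated or parsed. Both function bodies start and end outside their hunks.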