Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

Fix truncated control interface command detection

Browse Source 
The recvfrom() calls were supposed to use the full allocated buffer size
(max+1) to match the res > max check.

Fixes: 96b6dd21a0 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-05-05 00:18:29 +03:00
parent c32c3bcc6b
commit cbafc8ef4b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wpa_supplicant/ctrl_iface_unix.c
View File

@ -142,7 +142,7 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
buf = os_malloc(CTRL_IFACE_MAX_LEN + 1); buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
if (!buf) if (!buf)
return; return;
res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0, res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
(struct sockaddr *) &from, &fromlen); (struct sockaddr *) &from, &fromlen);
if (res < 0) { if (res < 0) {
wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
@ -1066,7 +1066,7 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
buf = os_malloc(CTRL_IFACE_MAX_LEN + 1); buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
if (!buf) if (!buf)
return; return;
res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0, res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
(struct sockaddr *) &from, &fromlen); (struct sockaddr *) &from, &fromlen);
if (res < 0) { if (res < 0) {
wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s", wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",