mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 10:18:21 -05:00
Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use os_snprintf_error() where the comparison was 'res > size' instead of 'res >= size - 1'. These changes were done automatically with spatch using the following semantic patch: @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || (size_t) E1 >= E3 - 1) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } ) Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
7bdd8981f7
commit
eeab4f2fda
@ -393,7 +393,7 @@ static int hostapd_cli_cmd_wps_check_pin(struct wpa_ctrl *ctrl, int argc,
|
||||
else
|
||||
res = os_snprintf(cmd, sizeof(cmd), "WPS_CHECK_PIN %s",
|
||||
argv[0]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long WPS_CHECK_PIN command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -456,7 +456,7 @@ static int hostapd_cli_cmd_wps_nfc_config_token(struct wpa_ctrl *ctrl,
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "WPS_NFC_CONFIG_TOKEN %s",
|
||||
argv[0]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long WPS_NFC_CONFIG_TOKEN command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -477,7 +477,7 @@ static int hostapd_cli_cmd_wps_nfc_token(struct wpa_ctrl *ctrl,
|
||||
}
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "WPS_NFC_TOKEN %s", argv[0]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long WPS_NFC_TOKEN command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -499,7 +499,7 @@ static int hostapd_cli_cmd_nfc_get_handover_sel(struct wpa_ctrl *ctrl,
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "NFC_GET_HANDOVER_SEL %s %s",
|
||||
argv[0], argv[1]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long NFC_GET_HANDOVER_SEL command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -641,7 +641,7 @@ static int hostapd_cli_cmd_bss_tm_req(struct wpa_ctrl *ctrl, int argc,
|
||||
for (i = 1; i < argc; i++) {
|
||||
tmp = &buf[total];
|
||||
res = os_snprintf(tmp, sizeof(buf) - total, " %s", argv[i]);
|
||||
if (res < 0 || (size_t) res >= sizeof(buf) - total - 1)
|
||||
if (os_snprintf_error(sizeof(buf) - total, res))
|
||||
return -1;
|
||||
total += res;
|
||||
}
|
||||
@ -893,7 +893,7 @@ static int hostapd_cli_cmd_set(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||
}
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "SET %s %s", argv[0], argv[1]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long SET command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -913,7 +913,7 @@ static int hostapd_cli_cmd_get(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||
}
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "GET %s", argv[0]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long GET command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -941,7 +941,7 @@ static int hostapd_cli_cmd_chan_switch(struct wpa_ctrl *ctrl,
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "CHAN_SWITCH %s %s",
|
||||
argv[0], argv[1]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long CHAN_SWITCH command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -950,7 +950,7 @@ static int hostapd_cli_cmd_chan_switch(struct wpa_ctrl *ctrl,
|
||||
for (i = 2; i < argc; i++) {
|
||||
tmp = cmd + total;
|
||||
res = os_snprintf(tmp, sizeof(cmd) - total, " %s", argv[i]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - total - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd) - total, res)) {
|
||||
printf("Too long CHAN_SWITCH command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -994,7 +994,7 @@ static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||
|
||||
res = os_snprintf(cmd, sizeof(cmd), "VENDOR %s %s %s", argv[0], argv[1],
|
||||
argc == 3 ? argv[2] : "");
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long VENDOR command.\n");
|
||||
return -1;
|
||||
}
|
||||
|
@ -584,7 +584,7 @@ static int wpa_cli_cmd_set(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||
|
||||
if (argc == 1) {
|
||||
res = os_snprintf(cmd, sizeof(cmd), "SET %s ", argv[0]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long SET command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -733,7 +733,7 @@ static int wpa_cli_cmd_bss_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||
res = os_snprintf(cmd, sizeof(cmd), "BSS_FLUSH 0");
|
||||
else
|
||||
res = os_snprintf(cmd, sizeof(cmd), "BSS_FLUSH %s", argv[0]);
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long BSS_FLUSH command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -908,7 +908,7 @@ static int wpa_cli_cmd_wps_reg(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long WPS_REG command.\n");
|
||||
return -1;
|
||||
}
|
||||
@ -1033,7 +1033,7 @@ static int wpa_cli_cmd_wps_er_config(struct wpa_ctrl *ctrl, int argc,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (res < 0 || (size_t) res >= sizeof(cmd) - 1) {
|
||||
if (os_snprintf_error(sizeof(cmd), res)) {
|
||||
printf("Too long WPS_ER_CONFIG command.\n");
|
||||
return -1;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user