ext_password_file: Ensure full key match with password file entries

When searching for a matching key in the external password file, strings
were only compared up to the length of the key in the file. This meant
searching for key "foo" could retrieve the incorrect password if keys
"f" or "fo" were defined earlier in the file.

Signed-off-by: Joshua Manchester <joshuamanchester4@gmail.com>

diff --git a/src/utils/ext_password_file.c b/src/utils/ext_password_file.c
index 312251263ad1ec2c281c2c9d16a9413624bdaea0..158500ced2050552e7b38f6ed5a49939eb0de600 100644 (file)
--- a/src/utils/ext_password_file.c
+++ b/src/utils/ext_password_file.c
@@ -83,6 +83,7 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
        struct ext_password_file_data *data = ctx;
        struct wpabuf *password = NULL;
        char buf[512], *pos;
+       size_t name_len;
        int line = 0;
        FILE *f;
 
@@ -94,6 +95,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
                return NULL;
        }
 
+       name_len = os_strlen(name);
+
        wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name);
 
        while ((pos = fgets(buf, sizeof(buf), f))) {
@@ -121,7 +124,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
 
                }
 
-               if (os_strncmp(name, pos, sep - pos) != 0)
+               if (name_len != (size_t) (sep - pos) ||
+                   os_strncmp(name, pos, sep - pos) != 0)
                        continue;
 
                password = wpabuf_alloc_copy(sep + 1, os_strlen(sep + 1));