Check sscanf() return value in TWT_SETUP parsing

author Jouni Malinen <j@w1.fi>

Sun, 8 May 2022 13:55:45 +0000 (16:55 +0300)

committer Jouni Malinen <j@w1.fi>

Sun, 8 May 2022 13:55:45 +0000 (16:55 +0300)
author Jouni Malinen <j@w1.fi>
Sun, 8 May 2022 13:55:45 +0000 (16:55 +0300)
committer Jouni Malinen <j@w1.fi>
Sun, 8 May 2022 13:55:45 +0000 (16:55 +0300)
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c

index 3d8e6630bf30c5f0d44d5a339057f431415daf78..ac337e0f58b2110bf94080533cd5916cc6ba129c 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -10027,8 +10027,9 @@ static int wpas_ctrl_iface_send_twt_setup(struct wpa_supplicant *wpa_s,
                 setup_cmd = atoi(tok_s + os_strlen(" setup_cmd="));
  
         tok_s = os_strstr(cmd, " twt=");
-       if (tok_s)
-               sscanf(tok_s + os_strlen(" twt="), "%llu", &twt);
+       if (tok_s &&
+           sscanf(tok_s + os_strlen(" twt="), "%llu", &twt) != 1)
+               return -1;
  
         tok_s = os_strstr(cmd, " requestor=");
         if (tok_s)
author	Jouni Malinen <j@w1.fi>
	Sun, 8 May 2022 13:55:45 +0000 (16:55 +0300)
committer	Jouni Malinen <j@w1.fi>
	Sun, 8 May 2022 13:55:45 +0000 (16:55 +0300)