Fix truncated control interface command detection

The recvfrom() calls were supposed to use the full allocated buffer size
(max+1) to match the res > max check.

Fixes: 96b6dd21a022 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 35a38c95f2a8c5ab489ce4fe62fd29ae1fe42720..953fd2ccfe50a1ad6cbc1c1343da37d87ef2a449 100644 (file)
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -142,7 +142,7 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
        buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
        if (!buf)
                return;
-       res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
+       res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
                       (struct sockaddr *) &from, &fromlen);
        if (res < 0) {
                wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
@@ -1066,7 +1066,7 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
        buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
        if (!buf)
                return;
-       res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
+       res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
                       (struct sockaddr *) &from, &fromlen);
        if (res < 0) {
                wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",