From: Jouni Malinen <j@w1.fi>
Date: Sun, 8 May 2022 13:55:45 +0000 (+0300)
Subject: Check sscanf() return value in TWT_SETUP parsing
X-Git-Tag: hostap_2_11~1915
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f3ce0571c3d1e71ef010d9d19c1697bd9740d59;p=thirdparty%2Fhostap.git

Check sscanf() return value in TWT_SETUP parsing

Reject invalid values instead of proceeding.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 3d8e6630b..ac337e0f5 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -10027,8 +10027,9 @@ static int wpas_ctrl_iface_send_twt_setup(struct wpa_supplicant *wpa_s,
 		setup_cmd = atoi(tok_s + os_strlen(" setup_cmd="));
 
 	tok_s = os_strstr(cmd, " twt=");
-	if (tok_s)
-		sscanf(tok_s + os_strlen(" twt="), "%llu", &twt);
+	if (tok_s &&
+	    sscanf(tok_s + os_strlen(" twt="), "%llu", &twt) != 1)
+		return -1;
 
 	tok_s = os_strstr(cmd, " requestor=");
 	if (tok_s)