From: Ouden <Ouden.Biz@gmail.com>
Date: Wed, 18 Mar 2020 09:58:37 +0000 (+0800)
Subject: nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length
X-Git-Tag: hostap_2_10~1597
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7546c489a95a033c78331915fcdfa0e6fd74d563;p=thirdparty%2Fhostap.git

nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length

If the kernel rtm_newlink or rtm_dellink send the maximum length of
ifname (IFNAMSIZ), the event handlers in
wpa_driver_nl80211_event_rtm_addlink() and
wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
NULL termination, that equals the IFNAMSIZ.

Fix the condition when IFNAME reach maximum size.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>
---

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index efcd69ad2..c071cc0e0 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
 	while (RTA_OK(attr, attrlen)) {
 		switch (attr->rta_type) {
 		case IFLA_IFNAME:
-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
 				break;
 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
 			ifname[RTA_PAYLOAD(attr)] = '\0';
@@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
 	while (RTA_OK(attr, attrlen)) {
 		switch (attr->rta_type) {
 		case IFLA_IFNAME:
-			if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
 				break;
 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
 			ifname[RTA_PAYLOAD(attr)] = '\0';