Fix a potential SSID overflow if the SSID maximum length is extended beyond

author Roy Marples <roy@marples.name>

Thu, 11 Feb 2016 15:32:19 +0000 (15:32 +0000)

committer Roy Marples <roy@marples.name>

Thu, 11 Feb 2016 15:32:19 +0000 (15:32 +0000)
author Roy Marples <roy@marples.name>
Thu, 11 Feb 2016 15:32:19 +0000 (15:32 +0000)
committer Roy Marples <roy@marples.name>
Thu, 11 Feb 2016 15:32:19 +0000 (15:32 +0000)
diff --git a/if-bsd.c b/if-bsd.c

index 75583be495a4ac954a50855363aff08cdc91d000..ed508086c031b0848f2ad0b39f29865389b5327e 100644 (file)
--- a/if-bsd.c
+++ b/if-bsd.c
@@ -179,7 +179,7 @@ if_getssid1(int s, const char *ifname, uint8_t *ssid)
         if (ioctl(s, SIOCG80211, &ireq) == 0) {
                 if (ssid == NULL)
                         retval = ireq.i_len;
-               else if (ireq.i_len > IF_SSIDSIZE) {
+               else if (ireq.i_len > IF_SSIDSIZE - 1) {
                         errno = ENOBUFS;
                         retval = -1;
                 } else  {
diff --git a/if-linux.c b/if-linux.c

index 936baf476ee11f612c02a5400c7283014946e9fe..aad7b6907e741f4991a661588a7fa9cba9d38ea1 100644 (file)
--- a/if-linux.c
+++ b/if-linux.c
@@ -1106,7 +1106,7 @@ _if_getssid(__unused struct dhcpcd_ctx *ctx, struct interface *ifp,
         }
  
         ifp->ssid_len = NLA_LEN(tb[NL80211_ATTR_SSID]);
-       if (ifp->ssid_len > sizeof(ifp->ssid)) {
+       if (ifp->ssid_len > sizeof(ifp->ssid) - 1) {
                 errno = ENOBUFS;
                 ifp->ssid_len = 0;
                 return -1;
author	Roy Marples <roy@marples.name>
	Thu, 11 Feb 2016 15:32:19 +0000 (15:32 +0000)
committer	Roy Marples <roy@marples.name>
	Thu, 11 Feb 2016 15:32:19 +0000 (15:32 +0000)
if-bsd.c		patch \| blob \| blame \| history
if-linux.c		patch \| blob \| blame \| history