Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

wpa_supplicant: Fix sprintf security bugs.

Browse source 
Revert back to using os_snprintf instead of sprintf.

Closes WIFI-624
This commit is contained in:
Sagar Bijwe 2019-06-19 19:33:34 +05:30
parent bf152907a4
commit 8e58b31a69
2 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c
View file

@ -732,8 +732,7 @@ int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
{
//ret = os_snprintf(buf + len, buflen - len,
ret = sprintf(buf + len,
ret = os_snprintf(buf + len, buflen - len,
"EAP TLS cipher=%s\n", name);
if (ret < 0 || (size_t) ret >= buflen - len)
return len;

3
components/wpa_supplicant/src/wpa2/tls/asn1.c
View file

@ -152,8 +152,7 @@ void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len)
buf[0] = '\0';
for (i = 0; i < oid->len; i++) {
//ret = os_snprintf(pos, buf + len - pos,
ret = sprintf(pos,
ret = os_snprintf(pos, buf + len - pos,
"%s%lu",
i == 0 ? "" : ".", oid->oid[i]);
if (ret < 0 || ret >= buf + len - pos)