
wpa_supplicant: Fix sprintf security bugs.

Revert back to using os_snprintf instead of sprintf.

Closes WIFI-624
Sagar Bijwe 6 роки тому
батько
коміт
8e58b31a69

+ 1 - 2
components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c

@@ -732,8 +732,7 @@ int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
 
 	if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
 	{
-		//ret = os_snprintf(buf + len, buflen - len,
-		ret = sprintf(buf + len,
+		ret = os_snprintf(buf + len, buflen - len,
 				  "EAP TLS cipher=%s\n", name);
 		if (ret < 0 || (size_t) ret >= buflen - len)
 			return len;
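Review bot: The size passed to `os_snprintf(buf + len, buflen - len, ...)` and reused in the check on the following line is unsigned arithmetic, so it bounds the write only while `len` never exceeds `buflen`; if `len` could get past `buflen`, the subtraction wraps to a very large size and the call is effectively unbounded again. The code that establishes `len` lies before the hunk, so this may already hold, but a one-line comment above the call such as `/* invariant: len <= buflen, so buflen - len cannot wrap */` would make the assumption reviewable. The truncation test also relies on os_snprintf returning the untruncated length and NUL-terminating the output as C99 snprintf does, which is worth confirming for this platform's wrapper. eap_peer_tls_status starts before and continues past the hunk.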

+ 1 - 2
components/wpa_supplicant/src/wpa2/tls/asn1.c

@@ -152,8 +152,7 @@ void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len)
 	buf[0] = '\0';
 
 	for (i = 0; i < oid->len; i++) {
-		//ret = os_snprintf(pos, buf + len - pos,
-		ret = sprintf(pos,
+		ret = os_snprintf(pos, buf + len - pos,
 				  "%s%lu",
 				  i == 0 ? "" : ".", oid->oid[i]);
 		if (ret < 0 || ret >= buf + len - pos)
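Review bot: asn1_oid_to_str returns void, so when the check `ret >= buf + len - pos` detects truncation the caller cannot tell that the dotted string is incomplete, and a cut-off OID can read as a different, shorter one. I would document that contract on the function, for example `/* Output may be silently truncated to fit len; use for logging only, never to compare or match OIDs. */`. The statement that follows the check and the rest of the function are outside the hunk, so how the truncated buffer is terminated cannot be confirmed from here.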