> On Wed, Apr 03, 2019 at 06:17:11PM +0300, Andrei Otcheretianski wrote: > > The way that the P2P Device interface name was constructed, might > > result with an interface name that exceeds the maximal allowed > > interface name length (IFNAMSZ). > > > > Fix this by properly limiting the created interface name length. > > How is this supposed to work and guarantee that the truncated interface name > would be unique? It is not guaranteed to be unique. That's why we print a warning. In this case and in case that the driver can't handle this, wpa_drv_if_add() will probably return an error. Anyway it's a p2p device, so most probably there will be no such issue. > > > diff --git a/wpa_supplicant/p2p_supplicant.c > > b/wpa_supplicant/p2p_supplicant.c @@ -3794,14 +3794,21 @@ int > > wpas_p2p_add_p2pdev_interface(struct wpa_supplicant *wpa_s, { > > struct wpa_interface iface; > > struct wpa_supplicant *p2pdev_wpa_s; > > - char ifname[100]; > > - char force_name[100]; > > + char ifname[IFNAMSIZ]; > > + char force_name[IFNAMSIZ]; > > IFNAMSIZ as the array length would mean that the array can hold only > IFNAMSIZ-1 character long name, so this would be truncating to shorter than > IFNAMSIZ characters.. I think IFNAMSIZ includes the NULL terminator. Though in quite a lot of places in the code it's indeed used with +1 for some reason. Here is a nl80211 policy as an example: "[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }," > > > ret = os_snprintf(ifname, sizeof(ifname), P2P_MGMT_DEVICE_PREFIX > "%s", > > wpa_s->ifname); > > - if (os_snprintf_error(sizeof(ifname), ret)) > > + > > + if (ret >= IFNAMSIZ) { > > + wpa_printf(MSG_WARNING, > > + "P2P: P2P Device interface name truncated=%s", > > + ifname); > > + } else if (ret < 0) { > > return -1; > > + } > > So what if snprintf return IFNAMSIZ? Wouldn't that leave ifname[] without nul > termination here? And that could result in reading beyond the end of the buffer > when using this string, e.g., in that wpa_printf() print. snprintf() never leaves strings without NULL termination. So it's ok. Andrei > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap