Add an abort condition if the buffer to read might exceed the
allocated read buffer size. Assume that the allocated buffer is too
small if the return value from recvfrom is equal the allocated
buffer size - 1.
Signed-off-by: Andreas Tobler <andreastt@xxxxxxxxx>
---
wpa_supplicant/ctrl_iface_unix.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 171794de9..fa550ef7f 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -1060,6 +1060,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
strerror(errno));
return;
}
+ if (res == sizeof(buf) - 1) {
+ wpa_printf(MSG_ERROR,
+ "recvfrom(ctrl_iface): receive buffer too small");
+ return;
+ }
buf[res] = '\0';
if (os_strcmp(buf, "ATTACH") == 0) {
--
2.25.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
