jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

EAP-FAST peer: Clean up PAC writing function

Browse source 
Use more explicit validation of input parameters and clean up the
writes by using a local end-of-buffer variable to simplify
calculations.
This commit is contained in:
Jouni Malinen 2010-01-10 22:04:59 +02:00
parent a416fb47eb
commit 4edc521068
1 changed files with 15 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
src/eap_peer/eap_fast_pac.c
View file

@ -480,8 +480,10 @@ static void eap_fast_write(char **buf, char **pos, size_t *buf_len,
{ {
size_t i, need; size_t i, need;
int ret; int ret;
char *end;
if (data == NULL || *buf == NULL) if (data == NULL || buf == NULL || *buf == NULL ||
pos == NULL || *pos == NULL || *pos < *buf)
return; return;
need = os_strlen(field) + len * 2 + 30; need = os_strlen(field) + len * 2 + 30;
@ -498,32 +500,31 @@ static void eap_fast_write(char **buf, char **pos, size_t *buf_len,
*buf = nbuf; *buf = nbuf;
*buf_len += need; *buf_len += need;
} }
end = *buf + *buf_len;
ret = os_snprintf(*pos, *buf + *buf_len - *pos, "%s=", field); ret = os_snprintf(*pos, end - *pos, "%s=", field);
if (ret < 0 || ret >= *buf + *buf_len - *pos) if (ret < 0 || ret >= end - *pos)
return; return;
*pos += ret; *pos += ret;
*pos += wpa_snprintf_hex(*pos, *buf + *buf_len - *pos, data, len); *pos += wpa_snprintf_hex(*pos, end - *pos, data, len);
ret = os_snprintf(*pos, *buf + *buf_len - *pos, "\n"); ret = os_snprintf(*pos, end - *pos, "\n");
if (ret < 0 || ret >= *buf + *buf_len - *pos) if (ret < 0 || ret >= end - *pos)
return; return;
*pos += ret; *pos += ret;
if (txt) { if (txt) {
ret = os_snprintf(*pos, *buf + *buf_len - *pos, ret = os_snprintf(*pos, end - *pos, "%s-txt=", field);
"%s-txt=", field); if (ret < 0 || ret >= end - *pos)
if (ret < 0 || ret >= *buf + *buf_len - *pos)
return; return;
*pos += ret; *pos += ret;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
ret = os_snprintf(*pos, *buf + *buf_len - *pos, ret = os_snprintf(*pos, end - *pos, "%c", data[i]);
"%c", data[i]); if (ret < 0 || ret >= end - *pos)
if (ret < 0 || ret >= *buf + *buf_len - *pos)
return; return;
*pos += ret; *pos += ret;
} }
ret = os_snprintf(*pos, *buf + *buf_len - *pos, "\n"); ret = os_snprintf(*pos, end - *pos, "\n");
if (ret < 0 || ret >= *buf + *buf_len - *pos) if (ret < 0 || ret >= end - *pos)
return; return;
*pos += ret; *pos += ret;
} }