jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

dbus: Use snprintf() and bounds checking instead of strcat()

Browse source 
Better make sure we do not end up writing over the end of the local
registered_sig buffer regardless of how many arguments are used in
dbus method description.
This commit is contained in:
Jouni Malinen 2009-11-10 18:29:38 +02:00 committed by Jouni Malinen
parent d69780dcbb
commit 68e7cb49b4
1 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
wpa_supplicant/ctrl_iface_dbus_new_helpers.c
View file

@ -975,17 +975,22 @@ static int is_signature_correct(DBusMessage * message,
{ {
/* According to DBus documentation max length of signature is 255 */ /* According to DBus documentation max length of signature is 255 */
#define MAX_SIG_LEN 256 #define MAX_SIG_LEN 256
char registered_sig[MAX_SIG_LEN], *pos;
char registered_sig[MAX_SIG_LEN];
const char *sig = dbus_message_get_signature(message); const char *sig = dbus_message_get_signature(message);
int i; int i, ret;
registered_sig[0] = 0; pos = registered_sig;
*pos = '\0';
for (i = 0; i < method_dsc->args_num; i++) { for (i = 0; i < method_dsc->args_num; i++) {
struct wpa_dbus_argument arg = method_dsc->args[i]; struct wpa_dbus_argument arg = method_dsc->args[i];
if (arg.dir == ARG_IN) if (arg.dir == ARG_IN) {
strcat(registered_sig, arg.type); size_t blen = registered_sig + MAX_SIG_LEN - pos;
ret = os_snprintf(pos, blen, "%s", arg.type);
if (ret < 0 || (size_t) ret >= blen)
return 0;
pos += ret;
}
} }
return !os_strncmp(registered_sig, sig, MAX_SIG_LEN); return !os_strncmp(registered_sig, sig, MAX_SIG_LEN);