wpa_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired command line processing for control interface event strings. Previously, it could have been possible for some of the event strings to include unsanitized data which is not suitable for system() use. (CVE-2014-3686) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
89de07a944
commit
c5f258de76
1 changed files with 8 additions and 17 deletions
|
@ -3159,28 +3159,19 @@ static int str_match(const char *a, const char *b)
|
||||||
static int wpa_cli_exec(const char *program, const char *arg1,
|
static int wpa_cli_exec(const char *program, const char *arg1,
|
||||||
const char *arg2)
|
const char *arg2)
|
||||||
{
|
{
|
||||||
char *cmd;
|
char *arg;
|
||||||
size_t len;
|
size_t len;
|
||||||
int res;
|
int res;
|
||||||
int ret = 0;
|
|
||||||
|
|
||||||
len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
|
len = os_strlen(arg1) + os_strlen(arg2) + 2;
|
||||||
cmd = os_malloc(len);
|
arg = os_malloc(len);
|
||||||
if (cmd == NULL)
|
if (arg == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
|
os_snprintf(arg, len, "%s %s", arg1, arg2);
|
||||||
if (res < 0 || (size_t) res >= len) {
|
res = os_exec(program, arg, 1);
|
||||||
os_free(cmd);
|
os_free(arg);
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
cmd[len - 1] = '\0';
|
|
||||||
#ifndef _WIN32_WCE
|
|
||||||
if (system(cmd) < 0)
|
|
||||||
ret = -1;
|
|
||||||
#endif /* _WIN32_WCE */
|
|
||||||
os_free(cmd);
|
|
||||||
|
|
||||||
return ret;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
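Review bot: The new `os_snprintf(arg, len, "%s %s", arg1, arg2);` discards its return value, and the old explicit terminator write is gone, so on a formatting failure `os_exec()` would receive a freshly allocated buffer with indeterminate contents. Keeping the old guard costs little: `res = os_snprintf(arg, len, "%s %s", arg1, arg2);` followed by `if (res < 0 || (size_t) res >= len) { os_free(arg); return -1; }`. Separately, `arg1` and `arg2` are still joined into one space-separated string, and how `os_exec()` turns that into an argument vector is not visible in this hunk; if it splits on whitespace, spaces inside the event string move the argument boundaries the action script sees. A comment on `wpa_cli_exec()` should say that the event text is untrusted and that action scripts must quote it and never evaluate it, and it should also say what the literal `1` passed as the third argument means.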