jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix truncated control interface command detection

Browse source 
The recvfrom() calls were supposed to use the full allocated buffer size
(max+1) to match the res > max check.

Fixes: 96b6dd21a0 ("Increase wpa_supplicant control interface buffer size")
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-05-05 00:18:29 +03:00
parent c32c3bcc6b
commit cbafc8ef4b
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
wpa_supplicant/ctrl_iface_unix.c
View file

@ -142,7 +142,7 @@ static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
if (!buf)
return;
res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
(struct sockaddr *) &from, &fromlen);
if (res < 0) {
wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
@ -1066,7 +1066,7 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
buf = os_malloc(CTRL_IFACE_MAX_LEN + 1);
if (!buf)
return;
res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN, 0,
res = recvfrom(sock, buf, CTRL_IFACE_MAX_LEN + 1, 0,
(struct sockaddr *) &from, &fromlen);
if (res < 0) {
wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",