summaryrefslogtreecommitdiff
authormjm <mjm>2002-12-28 15:45:35 (UTC)
committer mjm <mjm>2002-12-28 15:45:35 (UTC)
commit3e11085619fabc4d25bb831bebbae189accfe4bf (patch) (side-by-side diff)
treee6f15cf4c707bbd5577eed364b01f20f152ede14
parentb8ade08c754775d594192e79f33ea9ecc1a3686c (diff)
downloadopie-3e11085619fabc4d25bb831bebbae189accfe4bf.zip
opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.gz
opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.bz2
securityfix for get_field, updated header file
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc22
-rw-r--r--noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh2
2 files changed, 15 insertions, 9 deletions
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
index 3d5a923..0630d04 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
@@ -6,13 +6,13 @@
#include "wl_proto.hh"
#include "wl_log.hh"
#include "wl_sock.hh"
/* Adds a field to the buffer */
-int add_field(char *buffer, char *string, int len)
+int add_field(char *buffer, const char *string, int len)
{
char newlen[5];
/* 3 Byte = Length */
snprintf(newlen, sizeof(newlen) - 1, "%.3d", len);
memcpy(buffer, newlen, 3);
@@ -21,22 +21,26 @@ int add_field(char *buffer, char *string, int len)
memcpy(buffer + 3, string, atoi(newlen));
/* Return length of attached field */
return (atoi(newlen) + 3);
}
-int get_field(const char *buffer, char *out)
+int get_field(const char *buffer, char *out, int maxlen)
{
char len[5];
/* Get length of value */
memcpy(len, buffer, 3);
/* Copy buffer to out pointer */
- memset(out, 0, atoi(len) + 1);
- memcpy(out, buffer + 3, atoi(len));
+ memset(out, 0, maxlen);
+
+ if(atoi(len)-3 > maxlen -1)
+ memcpy(out, buffer + 3, maxlen - 1);
+ else
+ memcpy(out, buffer + 3, atoi(len));
/* Return length of whole field (including 3 byte length) */
return (atoi(len) + 3);
}
/* Send found network to UI */
@@ -97,27 +101,27 @@ int get_network_found (void *structure, const char *buffer)
/* packet type already determined, skip check */
len += 2;
/* Get net type (accesspoint || ad-hoc || ...) */
memset(temp, 0, sizeof(temp));
- len += get_field(buffer + len, temp);
+ len += get_field(buffer + len, temp, sizeof(temp));
ptr->net_type = atoi(temp);
/* Get channel */
memset(temp, 0, sizeof(temp));
- len += get_field(buffer + len, temp);
+ len += get_field(buffer + len, temp, sizeof(temp));
ptr->channel = atoi(temp);
/* Set WEP y/n */
memset(temp, 0, sizeof(temp));
- len += get_field(buffer + len, temp);
+ len += get_field(buffer + len, temp, sizeof(temp));
ptr->wep = atoi(temp);
/* Set MAC address */
- len += get_field(buffer + len, ptr->mac);
+ len += get_field(buffer + len, ptr->mac, sizeof(ptr->mac));
/* Set BSSID */
- len += get_field(buffer + len, ptr->bssid);
+ len += get_field(buffer + len, ptr->bssid, sizeof(ptr->bssid));
return 1;
}
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
index a196091..f645f58 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
@@ -10,12 +10,14 @@
/* Type definitions, to be continued */
#define NETFOUND 01
#define NETLOST 02
#define STARTSNIFF 98
#define STOPSNIFF 99
+int add_field(char *, const char *, int);
+int get_field(const char *, char *, int);
int send_network_found (const char *, int, void *);
int get_network_found (void *, const char *);
typedef struct {
int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */
int ssid_len; /* Length of SSID */