summaryrefslogtreecommitdiff
path: root/noncore
authormjm <mjm>2002-12-28 15:45:35 (UTC)
committer mjm <mjm>2002-12-28 15:45:35 (UTC)
commit3e11085619fabc4d25bb831bebbae189accfe4bf (patch) (side-by-side diff)
treee6f15cf4c707bbd5577eed364b01f20f152ede14 /noncore
parentb8ade08c754775d594192e79f33ea9ecc1a3686c (diff)
downloadopie-3e11085619fabc4d25bb831bebbae189accfe4bf.zip
opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.gz
opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.bz2
securityfix for get_field, updated header file
Diffstat (limited to 'noncore') (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc22
-rw-r--r--noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh2
2 files changed, 15 insertions, 9 deletions
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
index 3d5a923..0630d04 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
@@ -1,123 +1,127 @@
/*
* Communication protocol
*
* $Id$
*/
#include "wl_proto.hh"
#include "wl_log.hh"
#include "wl_sock.hh"
/* Adds a field to the buffer */
-int add_field(char *buffer, char *string, int len)
+int add_field(char *buffer, const char *string, int len)
{
char newlen[5];
/* 3 Byte = Length */
snprintf(newlen, sizeof(newlen) - 1, "%.3d", len);
memcpy(buffer, newlen, 3);
/* Length bytes = Value */
memcpy(buffer + 3, string, atoi(newlen));
/* Return length of attached field */
return (atoi(newlen) + 3);
}
-int get_field(const char *buffer, char *out)
+int get_field(const char *buffer, char *out, int maxlen)
{
char len[5];
/* Get length of value */
memcpy(len, buffer, 3);
/* Copy buffer to out pointer */
- memset(out, 0, atoi(len) + 1);
- memcpy(out, buffer + 3, atoi(len));
+ memset(out, 0, maxlen);
+
+ if(atoi(len)-3 > maxlen -1)
+ memcpy(out, buffer + 3, maxlen - 1);
+ else
+ memcpy(out, buffer + 3, atoi(len));
/* Return length of whole field (including 3 byte length) */
return (atoi(len) + 3);
}
/* Send found network to UI */
int send_network_found (const char *guihost, int guiport, void *structure)
{
wl_network_t *ptr;
char buffer[2048], temp[5];
unsigned int len = 0;
ptr = (wl_network_t *)structure;
/* Type = Found new net (without length field) */
memset(temp, 0, sizeof(temp));
snprintf(temp, sizeof(temp), "%.2d", NETFOUND);
memcpy(buffer, temp, 2);
len += 2;
/* Set Net-type */
memset(temp, 0, sizeof(temp));
snprintf(temp, sizeof(temp), "%d", ptr->net_type);
len += add_field(buffer + len, temp, 1);
/* Set channel */
memset(temp, 0, sizeof(temp));
snprintf(temp, sizeof(temp), "%.2d", ptr->channel);
len += add_field(buffer + len, temp, 2);
/* Set WEP y/n */
memset(temp, 0, sizeof(temp));
snprintf(temp, sizeof(temp), "%d", ptr->wep);
len += add_field(buffer + len, temp, 1);
/* Set Mac */
len += add_field(buffer + len, ptr->mac, 17);
/* Set ssid */
if(len + ptr->ssid_len < sizeof(buffer) - 1)
len += add_field(buffer + len, ptr->bssid, ptr->ssid_len);
else
len += add_field(buffer + len, ptr->bssid, sizeof(buffer) - len - 1);
/* Send prepared buffer to UI */
#ifdef DEBUG
wl_loginfo("Sending network to UI: '%s'", buffer);
#endif
return ((!wl_send(guihost, guiport, buffer)) ? 0 : 1);
}
/* Fill buffer into structur */
int get_network_found (void *structure, const char *buffer)
{
wl_network_t *ptr;
char temp[5];
unsigned int len = 0;
ptr = (wl_network_t *)structure;
/* packet type already determined, skip check */
len += 2;
/* Get net type (accesspoint || ad-hoc || ...) */
memset(temp, 0, sizeof(temp));
- len += get_field(buffer + len, temp);
+ len += get_field(buffer + len, temp, sizeof(temp));
ptr->net_type = atoi(temp);
/* Get channel */
memset(temp, 0, sizeof(temp));
- len += get_field(buffer + len, temp);
+ len += get_field(buffer + len, temp, sizeof(temp));
ptr->channel = atoi(temp);
/* Set WEP y/n */
memset(temp, 0, sizeof(temp));
- len += get_field(buffer + len, temp);
+ len += get_field(buffer + len, temp, sizeof(temp));
ptr->wep = atoi(temp);
/* Set MAC address */
- len += get_field(buffer + len, ptr->mac);
+ len += get_field(buffer + len, ptr->mac, sizeof(ptr->mac));
/* Set BSSID */
- len += get_field(buffer + len, ptr->bssid);
+ len += get_field(buffer + len, ptr->bssid, sizeof(ptr->bssid));
return 1;
}
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
index a196091..f645f58 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
@@ -1,28 +1,30 @@
/* $Id$ */
#ifndef WLPROTO_HH
#define WLPROTO_HH
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
/* Type definitions, to be continued */
#define NETFOUND 01
#define NETLOST 02
#define STARTSNIFF 98
#define STOPSNIFF 99
+int add_field(char *, const char *, int);
+int get_field(const char *, char *, int);
int send_network_found (const char *, int, void *);
int get_network_found (void *, const char *);
typedef struct {
int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */
int ssid_len; /* Length of SSID */
int channel; /* Channel */
int wep; /* 1 = WEP enabled ; 0 = disabled */
char mac[64]; /* MAC address of Accesspoint */
char bssid[128]; /* BSSID of Net */
} wl_network_t;
#endif /* WLPROTO_HH */