author | mjm <mjm> | 2002-12-28 15:45:35 (UTC) |
---|---|---|
committer | mjm <mjm> | 2002-12-28 15:45:35 (UTC) |
commit | 3e11085619fabc4d25bb831bebbae189accfe4bf (patch) (side-by-side diff) | |
tree | e6f15cf4c707bbd5577eed364b01f20f152ede14 /noncore | |
parent | b8ade08c754775d594192e79f33ea9ecc1a3686c (diff) | |
securityfix for get_field, updated header file
-rw-r--r-- | noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc | 22 | ||||
-rw-r--r-- | noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh | 2 |
2 files changed, 15 insertions, 9 deletions
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
index 3d5a923..0630d04 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
@@ -1,123 +1,127 @@ /* * Communication protocol * * $Id$ */ #include "wl_proto.hh" #include "wl_log.hh" #include "wl_sock.hh" /* Adds a field to the buffer */ -int add_field(char *buffer, char *string, int len) +int add_field(char *buffer, const char *string, int len) { char newlen[5]; /* 3 Byte = Length */ snprintf(newlen, sizeof(newlen) - 1, "%.3d", len); memcpy(buffer, newlen, 3); /* Length bytes = Value */ memcpy(buffer + 3, string, atoi(newlen)); /* Return length of attached field */ return (atoi(newlen) + 3); } -int get_field(const char *buffer, char *out) +int get_field(const char *buffer, char *out, int maxlen) { char len[5]; /* Get length of value */ memcpy(len, buffer, 3); /* Copy buffer to out pointer */ - memset(out, 0, atoi(len) + 1); - memcpy(out, buffer + 3, atoi(len)); + memset(out, 0, maxlen); + + if(atoi(len)-3 > maxlen -1) + memcpy(out, buffer + 3, maxlen - 1); + else + memcpy(out, buffer + 3, atoi(len)); /* Return length of whole field (including 3 byte length) */ return (atoi(len) + 3); } /* Send found network to UI */ int send_network_found (const char *guihost, int guiport, void *structure) { wl_network_t *ptr; char buffer[2048], temp[5]; unsigned int len = 0; ptr = (wl_network_t *)structure; /* Type = Found new net (without length field) */ memset(temp, 0, sizeof(temp)); snprintf(temp, sizeof(temp), "%.2d", NETFOUND); memcpy(buffer, temp, 2); len += 2; /* Set Net-type */ memset(temp, 0, sizeof(temp)); snprintf(temp, sizeof(temp), "%d", ptr->net_type); len += add_field(buffer + len, temp, 1); /* Set channel */ memset(temp, 0, sizeof(temp)); snprintf(temp, sizeof(temp), "%.2d", ptr->channel); len += add_field(buffer + len, temp, 2); /* Set WEP y/n */ memset(temp, 0, sizeof(temp)); snprintf(temp, sizeof(temp), "%d", ptr->wep); len += add_field(buffer + len, temp, 1); /* Set Mac */ len += add_field(buffer + len, ptr->mac, 17); /* Set ssid */ if(len + ptr->ssid_len < sizeof(buffer) - 1) len += add_field(buffer + len, ptr->bssid, ptr->ssid_len); 
else len += add_field(buffer + len, ptr->bssid, sizeof(buffer) - len - 1); /* Send prepared buffer to UI */ #ifdef DEBUG wl_loginfo("Sending network to UI: '%s'", buffer); #endif return ((!wl_send(guihost, guiport, buffer)) ? 0 : 1); } /* Fill buffer into structur */ int get_network_found (void *structure, const char *buffer) { wl_network_t *ptr; char temp[5]; unsigned int len = 0; ptr = (wl_network_t *)structure; /* packet type already determined, skip check */ len += 2; /* Get net type (accesspoint || ad-hoc || ...) */ memset(temp, 0, sizeof(temp)); - len += get_field(buffer + len, temp); + len += get_field(buffer + len, temp, sizeof(temp)); ptr->net_type = atoi(temp); /* Get channel */ memset(temp, 0, sizeof(temp)); - len += get_field(buffer + len, temp); + len += get_field(buffer + len, temp, sizeof(temp)); ptr->channel = atoi(temp); /* Set WEP y/n */ memset(temp, 0, sizeof(temp)); - len += get_field(buffer + len, temp); + len += get_field(buffer + len, temp, sizeof(temp)); ptr->wep = atoi(temp); /* Set MAC address */ - len += get_field(buffer + len, ptr->mac); + len += get_field(buffer + len, ptr->mac, sizeof(ptr->mac)); /* Set BSSID */ - len += get_field(buffer + len, ptr->bssid); + len += get_field(buffer + len, ptr->bssid, sizeof(ptr->bssid)); return 1; } diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh index a196091..f645f58 100644 --- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh +++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh 
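Review bot: The new bound in get_field, `if(atoi(len)-3 > maxlen -1)`, still lets an oversized field through. add_field stores the value length without the 3-byte prefix, so subtracting 3 here sends any length from maxlen to maxlen+2 to the else branch, which fills or overruns `out` by up to two bytes and leaves it without a terminator. With the 5-byte `temp` in get_network_found, a length field of `007` copies 7 bytes. Two further gaps remain in the same function: `len[5]` is never NUL-terminated before atoi() reads it, and a length field such as `-99` reaches memcpy() as a huge size. The rewrite below compares the raw length against `maxlen - 1`, clamps negatives to zero, and returns the clamped-at-zero length plus 3 so the caller's offset never moves backwards.

```cpp
int get_field(const char *buffer, char *out, int maxlen)
{
  char len[4] = { 0 };  /* three length digits plus a NUL so atoi() stops there */
  int vlen;

  /* Get length of value */
  memcpy(len, buffer, 3);
  vlen = atoi(len);
  if (vlen < 0)
    vlen = 0;           /* a negative length must never become a memcpy() size */

  /* Copy buffer to out pointer, always leaving the last byte as terminator */
  memset(out, 0, maxlen);
  memcpy(out, buffer + 3, vlen > maxlen - 1 ? maxlen - 1 : vlen);

  /* Return length of whole field (including 3 byte length) */
  return (vlen + 3);
}
```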
@@ -1,28 +1,30 @@ /* $Id$ */ #ifndef WLPROTO_HH #define WLPROTO_HH #include <stdio.h> #include <string.h> #include <stdlib.h> /* Type definitions, to be continued */ #define NETFOUND 01 #define NETLOST 02 #define STARTSNIFF 98 #define STOPSNIFF 99 +int add_field(char *, const char *, int); +int get_field(const char *, char *, int); int send_network_found (const char *, int, void *); int get_network_found (void *, const char *); typedef struct { int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */ int ssid_len; /* Length of SSID */ int channel; /* Channel */ int wep; /* 1 = WEP enabled ; 0 = disabled */ char mac[64]; /* MAC address of Accesspoint */ char bssid[128]; /* BSSID of Net */ } wl_network_t; #endif /* WLPROTO_HH */ |
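Review bot: The two added prototypes omit parameter names, and the trailing `int` means something different in each: the source length in add_field, but the destination capacity in get_field. Naming them, `int add_field(char *buffer, const char *string, int len);` and `int get_field(const char *buffer, char *out, int maxlen);`, would make that visible at the call site. A one-line comment stating that `maxlen` is the full size of `out` including the terminator would also help callers pass `sizeof` of the right buffer.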