summaryrefslogtreecommitdiff
authormjm <mjm>2002-12-28 15:45:35 (UTC)
committer mjm <mjm>2002-12-28 15:45:35 (UTC)
commit3e11085619fabc4d25bb831bebbae189accfe4bf (patch) (unidiff)
treee6f15cf4c707bbd5577eed364b01f20f152ede14
parentb8ade08c754775d594192e79f33ea9ecc1a3686c (diff)
downloadopie-3e11085619fabc4d25bb831bebbae189accfe4bf.zip
opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.gz
opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.bz2
securityfix for get_field, updated header file
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc22
-rw-r--r--noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh2
2 files changed, 15 insertions, 9 deletions
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
index 3d5a923..0630d04 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc
@@ -1,48 +1,52 @@
1/* 1/*
2 * Communication protocol 2 * Communication protocol
3 * 3 *
4 * $Id$ 4 * $Id$
5 */ 5 */
6 6
7#include "wl_proto.hh" 7#include "wl_proto.hh"
8#include "wl_log.hh" 8#include "wl_log.hh"
9#include "wl_sock.hh" 9#include "wl_sock.hh"
10 10
11/* Adds a field to the buffer */ 11/* Adds a field to the buffer */
12int add_field(char *buffer, char *string, int len) 12int add_field(char *buffer, const char *string, int len)
13{ 13{
14 char newlen[5]; 14 char newlen[5];
15 15
16 /* 3 Byte = Length */ 16 /* 3 Byte = Length */
17 snprintf(newlen, sizeof(newlen) - 1, "%.3d", len); 17 snprintf(newlen, sizeof(newlen) - 1, "%.3d", len);
18 memcpy(buffer, newlen, 3); 18 memcpy(buffer, newlen, 3);
19 19
20 /* Length bytes = Value */ 20 /* Length bytes = Value */
21 memcpy(buffer + 3, string, atoi(newlen)); 21 memcpy(buffer + 3, string, atoi(newlen));
22 22
23 /* Return length of attached field */ 23 /* Return length of attached field */
24 return (atoi(newlen) + 3); 24 return (atoi(newlen) + 3);
25} 25}
26 26
27int get_field(const char *buffer, char *out) 27int get_field(const char *buffer, char *out, int maxlen)
28{ 28{
29 char len[5]; 29 char len[5];
30 30
31 /* Get length of value */ 31 /* Get length of value */
32 memcpy(len, buffer, 3); 32 memcpy(len, buffer, 3);
33 33
34 /* Copy buffer to out pointer */ 34 /* Copy buffer to out pointer */
35 memset(out, 0, atoi(len) + 1); 35 memset(out, 0, maxlen);
36 memcpy(out, buffer + 3, atoi(len)); 36
37 if(atoi(len)-3 > maxlen -1)
38 memcpy(out, buffer + 3, maxlen - 1);
39 else
40 memcpy(out, buffer + 3, atoi(len));
37 41
38 /* Return length of whole field (including 3 byte length) */ 42 /* Return length of whole field (including 3 byte length) */
39 return (atoi(len) + 3); 43 return (atoi(len) + 3);
40} 44}
41 45
42/* Send found network to UI */ 46/* Send found network to UI */
43int send_network_found (const char *guihost, int guiport, void *structure) 47int send_network_found (const char *guihost, int guiport, void *structure)
44{ 48{
45 wl_network_t *ptr; 49 wl_network_t *ptr;
46 char buffer[2048], temp[5]; 50 char buffer[2048], temp[5];
47 unsigned int len = 0; 51 unsigned int len = 0;
48 52
@@ -91,33 +95,33 @@ int get_network_found (void *structure, const char *buffer)
91{ 95{
92 wl_network_t *ptr; 96 wl_network_t *ptr;
93 char temp[5]; 97 char temp[5];
94 unsigned int len = 0; 98 unsigned int len = 0;
95 99
96 ptr = (wl_network_t *)structure; 100 ptr = (wl_network_t *)structure;
97 101
98 /* packet type already determined, skip check */ 102 /* packet type already determined, skip check */
99 len += 2; 103 len += 2;
100 104
101 /* Get net type (accesspoint || ad-hoc || ...) */ 105 /* Get net type (accesspoint || ad-hoc || ...) */
102 memset(temp, 0, sizeof(temp)); 106 memset(temp, 0, sizeof(temp));
103 len += get_field(buffer + len, temp); 107 len += get_field(buffer + len, temp, sizeof(temp));
104 ptr->net_type = atoi(temp); 108 ptr->net_type = atoi(temp);
105 109
106 /* Get channel */ 110 /* Get channel */
107 memset(temp, 0, sizeof(temp)); 111 memset(temp, 0, sizeof(temp));
108 len += get_field(buffer + len, temp); 112 len += get_field(buffer + len, temp, sizeof(temp));
109 ptr->channel = atoi(temp); 113 ptr->channel = atoi(temp);
110 114
111 /* Set WEP y/n */ 115 /* Set WEP y/n */
112 memset(temp, 0, sizeof(temp)); 116 memset(temp, 0, sizeof(temp));
113 len += get_field(buffer + len, temp); 117 len += get_field(buffer + len, temp, sizeof(temp));
114 ptr->wep = atoi(temp); 118 ptr->wep = atoi(temp);
115 119
116 /* Set MAC address */ 120 /* Set MAC address */
117 len += get_field(buffer + len, ptr->mac); 121 len += get_field(buffer + len, ptr->mac, sizeof(ptr->mac));
118 122
119 /* Set BSSID */ 123 /* Set BSSID */
120 len += get_field(buffer + len, ptr->bssid); 124 len += get_field(buffer + len, ptr->bssid, sizeof(ptr->bssid));
121 125
122 return 1; 126 return 1;
123} 127}
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
index a196091..f645f58 100644
--- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
+++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh
@@ -4,24 +4,26 @@
4#define WLPROTO_HH 4#define WLPROTO_HH
5 5
6#include <stdio.h> 6#include <stdio.h>
7#include <string.h> 7#include <string.h>
8#include <stdlib.h> 8#include <stdlib.h>
9 9
10/* Type definitions, to be continued */ 10/* Type definitions, to be continued */
11#define NETFOUND 01 11#define NETFOUND 01
12#define NETLOST 02 12#define NETLOST 02
13#define STARTSNIFF 98 13#define STARTSNIFF 98
14#define STOPSNIFF 99 14#define STOPSNIFF 99
15 15
16int add_field(char *, const char *, int);
17int get_field(const char *, char *, int);
16int send_network_found (const char *, int, void *); 18int send_network_found (const char *, int, void *);
17int get_network_found (void *, const char *); 19int get_network_found (void *, const char *);
18 20
19typedef struct { 21typedef struct {
20 int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */ 22 int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */
21 int ssid_len; /* Length of SSID */ 23 int ssid_len; /* Length of SSID */
22 int channel; /* Channel */ 24 int channel; /* Channel */
23 int wep; /* 1 = WEP enabled ; 0 = disabled */ 25 int wep; /* 1 = WEP enabled ; 0 = disabled */
24 char mac[64]; /* MAC address of Accesspoint */ 26 char mac[64]; /* MAC address of Accesspoint */
25 char bssid[128]; /* BSSID of Net */ 27 char bssid[128]; /* BSSID of Net */
26} wl_network_t; 28} wl_network_t;
27 29