author | mjm <mjm> | 2002-12-28 15:45:35 (UTC) |
---|---|---|
committer | mjm <mjm> | 2002-12-28 15:45:35 (UTC) |
commit | 3e11085619fabc4d25bb831bebbae189accfe4bf (patch) (unidiff) | |
tree | e6f15cf4c707bbd5577eed364b01f20f152ede14 | |
parent | b8ade08c754775d594192e79f33ea9ecc1a3686c (diff) | |
download | opie-3e11085619fabc4d25bb831bebbae189accfe4bf.zip opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.gz opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.bz2 |
securityfix for get_field, updated header file
-rw-r--r-- | noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc | 22 | ||||
-rw-r--r-- | noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh | 2 |
2 files changed, 15 insertions, 9 deletions
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc index 3d5a923..0630d04 100644 --- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc +++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc | |||
@@ -1,123 +1,127 @@ | |||
1 | /* | 1 | /* |
2 | * Communication protocol | 2 | * Communication protocol |
3 | * | 3 | * |
4 | * $Id$ | 4 | * $Id$ |
5 | */ | 5 | */ |
6 | 6 | ||
7 | #include "wl_proto.hh" | 7 | #include "wl_proto.hh" |
8 | #include "wl_log.hh" | 8 | #include "wl_log.hh" |
9 | #include "wl_sock.hh" | 9 | #include "wl_sock.hh" |
10 | 10 | ||
11 | /* Adds a field to the buffer */ | 11 | /* Adds a field to the buffer */ |
12 | int add_field(char *buffer, char *string, int len) | 12 | int add_field(char *buffer, const char *string, int len) |
13 | { | 13 | { |
14 | char newlen[5]; | 14 | char newlen[5]; |
15 | 15 | ||
16 | /* 3 Byte = Length */ | 16 | /* 3 Byte = Length */ |
17 | snprintf(newlen, sizeof(newlen) - 1, "%.3d", len); | 17 | snprintf(newlen, sizeof(newlen) - 1, "%.3d", len); |
18 | memcpy(buffer, newlen, 3); | 18 | memcpy(buffer, newlen, 3); |
19 | 19 | ||
20 | /* Length bytes = Value */ | 20 | /* Length bytes = Value */ |
21 | memcpy(buffer + 3, string, atoi(newlen)); | 21 | memcpy(buffer + 3, string, atoi(newlen)); |
22 | 22 | ||
23 | /* Return length of attached field */ | 23 | /* Return length of attached field */ |
24 | return (atoi(newlen) + 3); | 24 | return (atoi(newlen) + 3); |
25 | } | 25 | } |
26 | 26 | ||
27 | int get_field(const char *buffer, char *out) | 27 | int get_field(const char *buffer, char *out, int maxlen) |
28 | { | 28 | { |
29 | char len[5]; | 29 | char len[5]; |
30 | 30 | ||
31 | /* Get length of value */ | 31 | /* Get length of value */ |
32 | memcpy(len, buffer, 3); | 32 | memcpy(len, buffer, 3); |
33 | 33 | ||
34 | /* Copy buffer to out pointer */ | 34 | /* Copy buffer to out pointer */ |
35 | memset(out, 0, atoi(len) + 1); | 35 | memset(out, 0, maxlen); |
36 | memcpy(out, buffer + 3, atoi(len)); | 36 | |
37 | if(atoi(len)-3 > maxlen -1) | ||
38 | memcpy(out, buffer + 3, maxlen - 1); | ||
39 | else | ||
40 | memcpy(out, buffer + 3, atoi(len)); | ||
37 | 41 | ||
38 | /* Return length of whole field (including 3 byte length) */ | 42 | /* Return length of whole field (including 3 byte length) */ |
39 | return (atoi(len) + 3); | 43 | return (atoi(len) + 3); |
40 | } | 44 | } |
41 | 45 | ||
42 | /* Send found network to UI */ | 46 | /* Send found network to UI */ |
43 | int send_network_found (const char *guihost, int guiport, void *structure) | 47 | int send_network_found (const char *guihost, int guiport, void *structure) |
44 | { | 48 | { |
45 | wl_network_t *ptr; | 49 | wl_network_t *ptr; |
46 | char buffer[2048], temp[5]; | 50 | char buffer[2048], temp[5]; |
47 | unsigned int len = 0; | 51 | unsigned int len = 0; |
48 | 52 | ||
49 | ptr = (wl_network_t *)structure; | 53 | ptr = (wl_network_t *)structure; |
50 | 54 | ||
51 | /* Type = Found new net (without length field) */ | 55 | /* Type = Found new net (without length field) */ |
52 | memset(temp, 0, sizeof(temp)); | 56 | memset(temp, 0, sizeof(temp)); |
53 | snprintf(temp, sizeof(temp), "%.2d", NETFOUND); | 57 | snprintf(temp, sizeof(temp), "%.2d", NETFOUND); |
54 | memcpy(buffer, temp, 2); | 58 | memcpy(buffer, temp, 2); |
55 | len += 2; | 59 | len += 2; |
56 | 60 | ||
57 | /* Set Net-type */ | 61 | /* Set Net-type */ |
58 | memset(temp, 0, sizeof(temp)); | 62 | memset(temp, 0, sizeof(temp)); |
59 | snprintf(temp, sizeof(temp), "%d", ptr->net_type); | 63 | snprintf(temp, sizeof(temp), "%d", ptr->net_type); |
60 | len += add_field(buffer + len, temp, 1); | 64 | len += add_field(buffer + len, temp, 1); |
61 | 65 | ||
62 | /* Set channel */ | 66 | /* Set channel */ |
63 | memset(temp, 0, sizeof(temp)); | 67 | memset(temp, 0, sizeof(temp)); |
64 | snprintf(temp, sizeof(temp), "%.2d", ptr->channel); | 68 | snprintf(temp, sizeof(temp), "%.2d", ptr->channel); |
65 | len += add_field(buffer + len, temp, 2); | 69 | len += add_field(buffer + len, temp, 2); |
66 | 70 | ||
67 | /* Set WEP y/n */ | 71 | /* Set WEP y/n */ |
68 | memset(temp, 0, sizeof(temp)); | 72 | memset(temp, 0, sizeof(temp)); |
69 | snprintf(temp, sizeof(temp), "%d", ptr->wep); | 73 | snprintf(temp, sizeof(temp), "%d", ptr->wep); |
70 | len += add_field(buffer + len, temp, 1); | 74 | len += add_field(buffer + len, temp, 1); |
71 | 75 | ||
72 | /* Set Mac */ | 76 | /* Set Mac */ |
73 | len += add_field(buffer + len, ptr->mac, 17); | 77 | len += add_field(buffer + len, ptr->mac, 17); |
74 | 78 | ||
75 | /* Set ssid */ | 79 | /* Set ssid */ |
76 | if(len + ptr->ssid_len < sizeof(buffer) - 1) | 80 | if(len + ptr->ssid_len < sizeof(buffer) - 1) |
77 | len += add_field(buffer + len, ptr->bssid, ptr->ssid_len); | 81 | len += add_field(buffer + len, ptr->bssid, ptr->ssid_len); |
78 | else | 82 | else |
79 | len += add_field(buffer + len, ptr->bssid, sizeof(buffer) - len - 1); | 83 | len += add_field(buffer + len, ptr->bssid, sizeof(buffer) - len - 1); |
80 | 84 | ||
81 | /* Send prepared buffer to UI */ | 85 | /* Send prepared buffer to UI */ |
82 | #ifdef DEBUG | 86 | #ifdef DEBUG |
83 | wl_loginfo("Sending network to UI: '%s'", buffer); | 87 | wl_loginfo("Sending network to UI: '%s'", buffer); |
84 | #endif | 88 | #endif |
85 | 89 | ||
86 | return ((!wl_send(guihost, guiport, buffer)) ? 0 : 1); | 90 | return ((!wl_send(guihost, guiport, buffer)) ? 0 : 1); |
87 | } | 91 | } |
88 | 92 | ||
89 | /* Fill buffer into structur */ | 93 | /* Fill buffer into structur */ |
90 | int get_network_found (void *structure, const char *buffer) | 94 | int get_network_found (void *structure, const char *buffer) |
91 | { | 95 | { |
92 | wl_network_t *ptr; | 96 | wl_network_t *ptr; |
93 | char temp[5]; | 97 | char temp[5]; |
94 | unsigned int len = 0; | 98 | unsigned int len = 0; |
95 | 99 | ||
96 | ptr = (wl_network_t *)structure; | 100 | ptr = (wl_network_t *)structure; |
97 | 101 | ||
98 | /* packet type already determined, skip check */ | 102 | /* packet type already determined, skip check */ |
99 | len += 2; | 103 | len += 2; |
100 | 104 | ||
101 | /* Get net type (accesspoint || ad-hoc || ...) */ | 105 | /* Get net type (accesspoint || ad-hoc || ...) */ |
102 | memset(temp, 0, sizeof(temp)); | 106 | memset(temp, 0, sizeof(temp)); |
103 | len += get_field(buffer + len, temp); | 107 | len += get_field(buffer + len, temp, sizeof(temp)); |
104 | ptr->net_type = atoi(temp); | 108 | ptr->net_type = atoi(temp); |
105 | 109 | ||
106 | /* Get channel */ | 110 | /* Get channel */ |
107 | memset(temp, 0, sizeof(temp)); | 111 | memset(temp, 0, sizeof(temp)); |
108 | len += get_field(buffer + len, temp); | 112 | len += get_field(buffer + len, temp, sizeof(temp)); |
109 | ptr->channel = atoi(temp); | 113 | ptr->channel = atoi(temp); |
110 | 114 | ||
111 | /* Set WEP y/n */ | 115 | /* Set WEP y/n */ |
112 | memset(temp, 0, sizeof(temp)); | 116 | memset(temp, 0, sizeof(temp)); |
113 | len += get_field(buffer + len, temp); | 117 | len += get_field(buffer + len, temp, sizeof(temp)); |
114 | ptr->wep = atoi(temp); | 118 | ptr->wep = atoi(temp); |
115 | 119 | ||
116 | /* Set MAC address */ | 120 | /* Set MAC address */ |
117 | len += get_field(buffer + len, ptr->mac); | 121 | len += get_field(buffer + len, ptr->mac, sizeof(ptr->mac)); |
118 | 122 | ||
119 | /* Set BSSID */ | 123 | /* Set BSSID */ |
120 | len += get_field(buffer + len, ptr->bssid); | 124 | len += get_field(buffer + len, ptr->bssid, sizeof(ptr->bssid)); |
121 | 125 | ||
122 | return 1; | 126 | return 1; |
123 | } | 127 | } |
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh index a196091..f645f58 100644 --- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh +++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh | |||
@@ -1,28 +1,30 @@ | |||
1 | /* $Id$ */ | 1 | /* $Id$ */ |
2 | 2 | ||
3 | #ifndef WLPROTO_HH | 3 | #ifndef WLPROTO_HH |
4 | #define WLPROTO_HH | 4 | #define WLPROTO_HH |
5 | 5 | ||
6 | #include <stdio.h> | 6 | #include <stdio.h> |
7 | #include <string.h> | 7 | #include <string.h> |
8 | #include <stdlib.h> | 8 | #include <stdlib.h> |
9 | 9 | ||
10 | /* Type definitions, to be continued */ | 10 | /* Type definitions, to be continued */ |
11 | #define NETFOUND 01 | 11 | #define NETFOUND 01 |
12 | #define NETLOST 02 | 12 | #define NETLOST 02 |
13 | #define STARTSNIFF 98 | 13 | #define STARTSNIFF 98 |
14 | #define STOPSNIFF 99 | 14 | #define STOPSNIFF 99 |
15 | 15 | ||
16 | int add_field(char *, const char *, int); | ||
17 | int get_field(const char *, char *, int); | ||
16 | int send_network_found (const char *, int, void *); | 18 | int send_network_found (const char *, int, void *); |
17 | int get_network_found (void *, const char *); | 19 | int get_network_found (void *, const char *); |
18 | 20 | ||
19 | typedef struct { | 21 | typedef struct { |
20 | int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */ | 22 | int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */ |
21 | int ssid_len; /* Length of SSID */ | 23 | int ssid_len; /* Length of SSID */ |
22 | int channel; /* Channel */ | 24 | int channel; /* Channel */ |
23 | int wep; /* 1 = WEP enabled ; 0 = disabled */ | 25 | int wep; /* 1 = WEP enabled ; 0 = disabled */ |
24 | char mac[64]; /* MAC address of Accesspoint */ | 26 | char mac[64]; /* MAC address of Accesspoint */ |
25 | char bssid[128]; /* BSSID of Net */ | 27 | char bssid[128]; /* BSSID of Net */ |
26 | } wl_network_t; | 28 | } wl_network_t; |
27 | 29 | ||
28 | #endif /* WLPROTO_HH */ | 30 | #endif /* WLPROTO_HH */ |