author | mjm <mjm> | 2002-12-28 15:45:35 (UTC) |
---|---|---|
committer | mjm <mjm> | 2002-12-28 15:45:35 (UTC) |
commit | 3e11085619fabc4d25bb831bebbae189accfe4bf (patch) (unidiff) | |
tree | e6f15cf4c707bbd5577eed364b01f20f152ede14 | |
parent | b8ade08c754775d594192e79f33ea9ecc1a3686c (diff) | |
download | opie-3e11085619fabc4d25bb831bebbae189accfe4bf.zip opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.gz opie-3e11085619fabc4d25bb831bebbae189accfe4bf.tar.bz2 |
securityfix for get_field, updated header file
-rw-r--r-- | noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc | 22 | ||||
-rw-r--r-- | noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh | 2 |
2 files changed, 15 insertions, 9 deletions
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc index 3d5a923..0630d04 100644 --- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc +++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.cc | |||
@@ -6,13 +6,13 @@ | |||
6 | 6 | ||
7 | #include "wl_proto.hh" | 7 | #include "wl_proto.hh" |
8 | #include "wl_log.hh" | 8 | #include "wl_log.hh" |
9 | #include "wl_sock.hh" | 9 | #include "wl_sock.hh" |
10 | 10 | ||
11 | /* Adds a field to the buffer */ | 11 | /* Adds a field to the buffer */ |
12 | int add_field(char *buffer, char *string, int len) | 12 | int add_field(char *buffer, const char *string, int len) |
13 | { | 13 | { |
14 | char newlen[5]; | 14 | char newlen[5]; |
15 | 15 | ||
16 | /* 3 Byte = Length */ | 16 | /* 3 Byte = Length */ |
17 | snprintf(newlen, sizeof(newlen) - 1, "%.3d", len); | 17 | snprintf(newlen, sizeof(newlen) - 1, "%.3d", len); |
18 | memcpy(buffer, newlen, 3); | 18 | memcpy(buffer, newlen, 3); |
@@ -21,22 +21,26 @@ int add_field(char *buffer, char *string, int len) | |||
21 | memcpy(buffer + 3, string, atoi(newlen)); | 21 | memcpy(buffer + 3, string, atoi(newlen)); |
22 | 22 | ||
23 | /* Return length of attached field */ | 23 | /* Return length of attached field */ |
24 | return (atoi(newlen) + 3); | 24 | return (atoi(newlen) + 3); |
25 | } | 25 | } |
26 | 26 | ||
27 | int get_field(const char *buffer, char *out) | 27 | int get_field(const char *buffer, char *out, int maxlen) |
28 | { | 28 | { |
29 | char len[5]; | 29 | char len[5]; |
30 | 30 | ||
31 | /* Get length of value */ | 31 | /* Get length of value */ |
32 | memcpy(len, buffer, 3); | 32 | memcpy(len, buffer, 3); |
33 | 33 | ||
34 | /* Copy buffer to out pointer */ | 34 | /* Copy buffer to out pointer */ |
35 | memset(out, 0, atoi(len) + 1); | 35 | memset(out, 0, maxlen); |
36 | memcpy(out, buffer + 3, atoi(len)); | 36 | |
37 | if(atoi(len)-3 > maxlen -1) | ||
38 | memcpy(out, buffer + 3, maxlen - 1); | ||
39 | else | ||
40 | memcpy(out, buffer + 3, atoi(len)); | ||
37 | 41 | ||
38 | /* Return length of whole field (including 3 byte length) */ | 42 | /* Return length of whole field (including 3 byte length) */ |
39 | return (atoi(len) + 3); | 43 | return (atoi(len) + 3); |
40 | } | 44 | } |
41 | 45 | ||
42 | /* Send found network to UI */ | 46 | /* Send found network to UI */ |
@@ -97,27 +101,27 @@ int get_network_found (void *structure, const char *buffer) | |||
97 | 101 | ||
98 | /* packet type already determined, skip check */ | 102 | /* packet type already determined, skip check */ |
99 | len += 2; | 103 | len += 2; |
100 | 104 | ||
101 | /* Get net type (accesspoint || ad-hoc || ...) */ | 105 | /* Get net type (accesspoint || ad-hoc || ...) */ |
102 | memset(temp, 0, sizeof(temp)); | 106 | memset(temp, 0, sizeof(temp)); |
103 | len += get_field(buffer + len, temp); | 107 | len += get_field(buffer + len, temp, sizeof(temp)); |
104 | ptr->net_type = atoi(temp); | 108 | ptr->net_type = atoi(temp); |
105 | 109 | ||
106 | /* Get channel */ | 110 | /* Get channel */ |
107 | memset(temp, 0, sizeof(temp)); | 111 | memset(temp, 0, sizeof(temp)); |
108 | len += get_field(buffer + len, temp); | 112 | len += get_field(buffer + len, temp, sizeof(temp)); |
109 | ptr->channel = atoi(temp); | 113 | ptr->channel = atoi(temp); |
110 | 114 | ||
111 | /* Set WEP y/n */ | 115 | /* Set WEP y/n */ |
112 | memset(temp, 0, sizeof(temp)); | 116 | memset(temp, 0, sizeof(temp)); |
113 | len += get_field(buffer + len, temp); | 117 | len += get_field(buffer + len, temp, sizeof(temp)); |
114 | ptr->wep = atoi(temp); | 118 | ptr->wep = atoi(temp); |
115 | 119 | ||
116 | /* Set MAC address */ | 120 | /* Set MAC address */ |
117 | len += get_field(buffer + len, ptr->mac); | 121 | len += get_field(buffer + len, ptr->mac, sizeof(ptr->mac)); |
118 | 122 | ||
119 | /* Set BSSID */ | 123 | /* Set BSSID */ |
120 | len += get_field(buffer + len, ptr->bssid); | 124 | len += get_field(buffer + len, ptr->bssid, sizeof(ptr->bssid)); |
121 | 125 | ||
122 | return 1; | 126 | return 1; |
123 | } | 127 | } |
diff --git a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh index a196091..f645f58 100644 --- a/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh +++ b/noncore/net/wellenreiter/libwellenreiter/source/wl_proto.hh | |||
@@ -10,12 +10,14 @@ | |||
10 | /* Type definitions, to be continued */ | 10 | /* Type definitions, to be continued */ |
11 | #define NETFOUND 01 | 11 | #define NETFOUND 01 |
12 | #define NETLOST 02 | 12 | #define NETLOST 02 |
13 | #define STARTSNIFF 98 | 13 | #define STARTSNIFF 98 |
14 | #define STOPSNIFF 99 | 14 | #define STOPSNIFF 99 |
15 | 15 | ||
16 | int add_field(char *, const char *, int); | ||
17 | int get_field(const char *, char *, int); | ||
16 | int send_network_found (const char *, int, void *); | 18 | int send_network_found (const char *, int, void *); |
17 | int get_network_found (void *, const char *); | 19 | int get_network_found (void *, const char *); |
18 | 20 | ||
19 | typedef struct { | 21 | typedef struct { |
20 | int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */ | 22 | int net_type; /* 1 = Accesspoint ; 2 = Ad-Hoc */ |
21 | int ssid_len; /* Length of SSID */ | 23 | int ssid_len; /* Length of SSID */ |