[2/2] ctrl_iface_unix: Check read buffer size and exit if equal

Message ID 20200429075316.28982-3-andreastt@gmail.com
State Superseded
Series Harden ctrl_iface_unix for wpa-supplicant

Commit Message

Andreas Tobler April 29, 2020, 7:53 a.m. UTC
Add an abort condition if the buffer to read might exceed the
allocated read buffer size. Assume that the allocated buffer is too
small if the return value from recvfrom is equal to the allocated
buffer size - 1.

Signed-off-by: Andreas Tobler <andreastt@gmail.com>
---
 wpa_supplicant/ctrl_iface_unix.c | 5 +++++
 1 file changed, 5 insertions(+)

Patch

diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 171794de9..fa550ef7f 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -1060,6 +1060,11 @@  static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
 			   strerror(errno));
 		return;
 	}
+	if (res == sizeof(buf) - 1) {
+		wpa_printf(MSG_ERROR,
+			   "recvfrom(ctrl_iface): receive buffer too small");
+		return;
+	}
 	buf[res] = '\0';
 
 	if (os_strcmp(buf, "ATTACH") == 0) {
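
Review bot: the added `if (res == sizeof(buf) - 1)` test cannot tell a truncated datagram from one that is exactly `sizeof(buf) - 1` bytes long and fits. Assuming the recvfrom() call above the hunk passes `sizeof(buf) - 1` as its length, as the commit message implies, a maximum-length command that was previously accepted is now dropped. Either document in a comment that the largest accepted command becomes `sizeof(buf) - 2` bytes, or detect truncation explicitly, for example by receiving with recvmsg() and checking `MSG_TRUNC` in `msg_flags`. The early `return` also logs only on the supplicant side, so the sending client gets no reply and sees just a timeout; consider returning a failure response to the sender. The log text would be more useful if it included the buffer size. Finally, `res` is compared against a `size_t` expression; this is safe only because the `res < 0` case returns just above, and an explicit cast would make that intent clear and avoid a signed/unsigned comparison warning.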