From patchwork Wed Apr 29 07:53:16 2020
X-Patchwork-Submitter: Andreas Tobler
X-Patchwork-Id: 1279083
From: Andreas Tobler
To: hostap@lists.infradead.org, Andreas Tobler
Subject: [PATCH 2/2] ctrl_iface_unix: Check read buffer size and exit if equal
Date: Wed, 29 Apr 2020 09:53:16 +0200
Message-Id: <20200429075316.28982-3-andreastt@gmail.com>
In-Reply-To: <20200429075316.28982-1-andreastt@gmail.com>

Add an abort condition if the buffer to read might exceed the allocated read buffer size.
Assume that the allocated buffer is too small if the return value from recvfrom is equal to the allocated buffer size - 1.

Signed-off-by: Andreas Tobler
--- wpa_supplicant/ctrl_iface_unix.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c index 171794de9..fa550ef7f 100644 --- a/wpa_supplicant/ctrl_iface_unix.c +++ b/wpa_supplicant/ctrl_iface_unix.c @@ -1060,6 +1060,11 @@ static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx, strerror(errno)); return; } + if (res == sizeof(buf) - 1) { + wpa_printf(MSG_ERROR, + "recvfrom(ctrl_iface): receive buffer too small"); + return; + } buf[res] = '\0'; if (os_strcmp(buf, "ATTACH") == 0) {
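
Review bot: The added check `if (res == sizeof(buf) - 1)` in wpa_supplicant_global_ctrl_iface_receive() cannot tell a truncated datagram from a command that is exactly `sizeof(buf) - 1` bytes long, so a valid maximum-length request is rejected too; the commit message itself describes this as an assumption. If truncation is what needs to be detected, consider receiving with recvmsg() and testing `msg_flags & MSG_TRUNC`, which reports truncation directly instead of inferring it from the returned length. Two smaller points: the comparison mixes `res` with the `size_t` result of `sizeof`, which draws a sign-compare warning if `res` is a signed type (its declaration is outside the visible context), and the early `return` leaves the function before any reply is produced in the visible code, so it may be worth sending a failure response to the requester, or at least including `res` and the buffer size in the MSG_ERROR message.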