Message ID | 20200318095836.30859-1-ouden.lin@realtek.com |
---|---|
State | Accepted |
Headers | show |
Series | nl80211: Fix RTM NEW/DELLINK IFNAME copy | expand |
On Wed, Mar 18, 2020 at 05:58:37PM +0800, Ouden Lin wrote: > If the kernel rtm_newlink or rtm_dellink send the max length of IFNAME, > then the ifname will not copy from RTA_DATA (IFLA_IFNAME) > in function wpa_driver_nl80211_event_rtm_addlink () and > wpa_driver_nl80211_event_rtm_dellink (). Because the > RTA_PAYLOAD (IFLA_IFNAME) length already include the NULL terminaled, > that equal the IFNAMSIZ. > > This patch will fixed the condition when IFNAME reach max size. Thanks, applied.
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index efcd69ad2..c071cc0e0 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -1047,7 +1047,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, while (RTA_OK(attr, attrlen)) { switch (attr->rta_type) { case IFLA_IFNAME: - if (RTA_PAYLOAD(attr) >= IFNAMSIZ) + if (RTA_PAYLOAD(attr) > IFNAMSIZ) break; os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); ifname[RTA_PAYLOAD(attr)] = '\0'; @@ -1222,7 +1222,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, while (RTA_OK(attr, attrlen)) { switch (attr->rta_type) { case IFLA_IFNAME: - if (RTA_PAYLOAD(attr) >= IFNAMSIZ) + if (RTA_PAYLOAD(attr) > IFNAMSIZ) break; os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); ifname[RTA_PAYLOAD(attr)] = '\0';