wpa_supplicant: Fix sprintf security bugs.

Revert back to using os_snprintf instead of sprintf.

Closes WIFI-624

diff --git a/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c b/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c
index 2c97e6c0f01531aff81033c32d8f42fd82d2335e..5766af803798dd53b9c947f4591f8fc42d3af553 100644 (file)
--- a/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c
+++ b/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c
@@ -732,8 +732,7 @@ int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
 
        if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
        {
-               //ret = os_snprintf(buf + len, buflen - len,
-               ret = sprintf(buf + len,
+               ret = os_snprintf(buf + len, buflen - len,
                                  "EAP TLS cipher=%s\n", name);
                if (ret < 0 || (size_t) ret >= buflen - len)
                        return len;

diff --git a/components/wpa_supplicant/src/wpa2/tls/asn1.c b/components/wpa_supplicant/src/wpa2/tls/asn1.c
index ced80184647c5c36081756fc16d634ab3eb5af10..2037d827c560e34884c4024068426eca7a63c70a 100644 (file)
--- a/components/wpa_supplicant/src/wpa2/tls/asn1.c
+++ b/components/wpa_supplicant/src/wpa2/tls/asn1.c
@@ -152,8 +152,7 @@ void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len)
        buf[0] = '\0';
 
        for (i = 0; i < oid->len; i++) {
-               //ret = os_snprintf(pos, buf + len - pos,
-               ret = sprintf(pos,
+               ret = os_snprintf(pos, buf + len - pos,
                                  "%s%lu",
                                  i == 0 ? "" : ".", oid->oid[i]);
                if (ret < 0 || ret >= buf + len - pos)