wpa_supplicant: Fix sprintf security bugs.
authorSagar Bijwe <sagar@espressif.com>
Wed, 19 Jun 2019 14:03:34 +0000 (19:33 +0530)
committerbot <bot@espressif.com>
Sat, 6 Jul 2019 04:22:53 +0000 (04:22 +0000)
Revert back to using os_snprintf instead of sprintf.

Closes WIFI-624

components/wpa_supplicant/src/eap_peer/eap_tls_common.c
components/wpa_supplicant/src/tls/asn1.c

index 213cafa13f4afdf479b85d985150d7ec10efddee..7e032685ee14fb5b992a58d152f69191b8dd90dd 100644 (file)
@@ -732,8 +732,7 @@ int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
 
        if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
        {
-               //ret = os_snprintf(buf + len, buflen - len,
-               ret = sprintf(buf + len,
+               ret = os_snprintf(buf + len, buflen - len,
                                  "EAP TLS cipher=%s\n", name);
                if (ret < 0 || (size_t) ret >= buflen - len)
                        return len;
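Review bot: The remaining-space expression `buflen - len` is written twice, once as the size passed to os_snprintf and once in the truncation check, and the check only means something while the two stay identical. Computing it once keeps them in step: `size_t left = buflen - len;`, then `os_snprintf(buf + len, left, ...)` and `if (ret < 0 || (size_t) ret >= left)`. The subtraction looks unsigned (the check casts `ret` to `size_t`), so it is a valid bound only while `len <= buflen`; `len` is declared and updated outside this hunk, so that invariant should be confirmed there. The asn1_oid_to_str hunk repeats `buf + len - pos` in the same way.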
index 5023ec1db4a6313c7cb3ff0f80ba76d297df6fde..08d476254f50b94692ca38287fb255a299f694b4 100644 (file)
@@ -152,8 +152,7 @@ void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len)
        buf[0] = '\0';
 
        for (i = 0; i < oid->len; i++) {
-               //ret = os_snprintf(pos, buf + len - pos,
-               ret = sprintf(pos,
+               ret = os_snprintf(pos, buf + len - pos,
                                  "%s%lu",
                                  i == 0 ? "" : ".", oid->oid[i]);
                if (ret < 0 || ret >= buf + len - pos)
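Review bot: With the bounded call, an OID that does not fit is now truncated, and because asn1_oid_to_str returns void the caller cannot tell a complete string from a cut-off one. The function deserves a header comment saying so, for example `/* buf receives a dotted-decimal OID, silently truncated if len is too small; use it for logging and compare struct asn1_oid values rather than this text. */`. What the loop does when the check on the last line fires, and whether `len == 0` is rejected before `buf[0] = '\0'`, are both outside the hunk and worth confirming while this function is being touched.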