wpa_supplicant: Fix sprintf security bugs.

author Sagar Bijwe <sagar@espressif.com>

Wed, 19 Jun 2019 14:03:34 +0000 (19:33 +0530)

committer bot <bot@espressif.com>

Mon, 12 Aug 2019 06:30:02 +0000 (06:30 +0000)
author Sagar Bijwe <sagar@espressif.com>
Wed, 19 Jun 2019 14:03:34 +0000 (19:33 +0530)
committer bot <bot@espressif.com>
Mon, 12 Aug 2019 06:30:02 +0000 (06:30 +0000)
diff --git a/components/wpa_supplicant/port/include/os.h b/components/wpa_supplicant/port/include/os.h

index 48f7ab85e4116c3543ea39d845619cce0abcd213..0028c21e9cb747a5c7886e3941223099fda8a205 100644 (file)
--- a/components/wpa_supplicant/port/include/os.h
+++ b/components/wpa_supplicant/port/include/os.h
@@ -270,7 +270,7 @@ char * ets_strdup(const char *s);
  #ifdef _MSC_VER
  #define os_snprintf _snprintf
  #else
-#define os_snprintf vsnprintf
+#define os_snprintf snprintf
  #endif
  #endif
  
diff --git a/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c b/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c

index 2c97e6c0f01531aff81033c32d8f42fd82d2335e..5766af803798dd53b9c947f4591f8fc42d3af553 100644 (file)
--- a/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c
+++ b/components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c
@@ -732,8 +732,7 @@ int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
  
         if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
         {
-               //ret = os_snprintf(buf + len, buflen - len,
-               ret = sprintf(buf + len,
+               ret = os_snprintf(buf + len, buflen - len,
                                   "EAP TLS cipher=%s\n", name);
                 if (ret < 0 || (size_t) ret >= buflen - len)
                         return len;
diff --git a/components/wpa_supplicant/src/wpa2/tls/asn1.c b/components/wpa_supplicant/src/wpa2/tls/asn1.c

index ced80184647c5c36081756fc16d634ab3eb5af10..2037d827c560e34884c4024068426eca7a63c70a 100644 (file)
--- a/components/wpa_supplicant/src/wpa2/tls/asn1.c
+++ b/components/wpa_supplicant/src/wpa2/tls/asn1.c
@@ -152,8 +152,7 @@ void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len)
         buf[0] = '\0';
  
         for (i = 0; i < oid->len; i++) {
-               //ret = os_snprintf(pos, buf + len - pos,
-               ret = sprintf(pos,
+               ret = os_snprintf(pos, buf + len - pos,
                                   "%s%lu",
                                   i == 0 ? "" : ".", oid->oid[i]);
                 if (ret < 0 || ret >= buf + len - pos)
author	Sagar Bijwe <sagar@espressif.com>
	Wed, 19 Jun 2019 14:03:34 +0000 (19:33 +0530)
committer	bot <bot@espressif.com>
	Mon, 12 Aug 2019 06:30:02 +0000 (06:30 +0000)
components/wpa_supplicant/port/include/os.h		patch \| blob \| history
components/wpa_supplicant/src/wpa2/eap_peer/eap_tls_common.c		patch \| blob \| history
components/wpa_supplicant/src/wpa2/tls/asn1.c		patch \| blob \| history