1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From fc42d8237fa49de90fadbc515c8828ee0f57da1b Mon Sep 17 00:00:00 2001
From: John Vogel <jvogel4@stny.rr.com>
Date: Mon, 9 Oct 2023 10:32:34 -0400
Subject: [PATCH 2/4] essid.c: take some care
Copy the interface name with strcpy, not sprint.
Return from put_status with error if the format is not able to
handle a string param.
---
essid.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/essid.c b/essid.c
index de45164..3050bd7 100644
--- a/essid.c
+++ b/essid.c
@@ -21,6 +21,9 @@ char name[IW_ESSID_MAX_SIZE + 1] = {0};
int put_status(int fd, struct iwreq *rqt)
{
+ if (strstr(format, "%s") == NULL)
+ return -1;
+
rqt->u.essid.pointer = name;
rqt->u.essid.length = IW_ESSID_MAX_SIZE + 1;
if (ioctl(fd, SIOCGIWESSID, rqt) == -1) {
@@ -64,7 +67,7 @@ int main(int argc, char *argv[])
struct iwreq request;
int sock_fd;
memset(&request, 0, sizeof(struct iwreq));
- sprintf(request.ifr_name, interface);
+ strncpy(request.ifr_name, interface, strlen(interface));
if ((sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
perror("socket");
--
2.42.0
|
