* [PATCH 1/2] knownnetworks: fix potential out of bounds write
@ 2023-02-26 6:25 Jiajie Chen
2023-02-26 6:25 ` [PATCH 2/2] knownnetworks: fix printing SSID in hex Jiajie Chen
2023-02-27 16:24 ` [PATCH 1/2] knownnetworks: fix potential out of bounds write Denis Kenzior
0 siblings, 2 replies; 3+ messages in thread
From: Jiajie Chen @ 2023-02-26 6:25 UTC (permalink / raw)
To: iwd; +Cc: Jiajie Chen
If a very long ssid was used (e.g. CJK characters in SSID), it might do
out of bounds write to static variable for lack of checking the position
before the last snprintf() call.
---
src/knownnetworks.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/knownnetworks.c b/src/knownnetworks.c
index 487b7017..6c575e50 100644
--- a/src/knownnetworks.c
+++ b/src/knownnetworks.c
@@ -176,7 +176,8 @@ static const char *known_network_get_path(const struct network_info *network)
pos += snprintf(path + pos, sizeof(path) - pos, "%02x",
network->ssid[i]);
- snprintf(path + pos, sizeof(path) - pos, "_%s",
+ if (pos < sizeof(path))
+ snprintf(path + pos, sizeof(path) - pos, "_%s",
security_to_str(network->type));
path[sizeof(path) - 1] = '\0';
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] knownnetworks: fix printing SSID in hex
2023-02-26 6:25 [PATCH 1/2] knownnetworks: fix potential out of bounds write Jiajie Chen
@ 2023-02-26 6:25 ` Jiajie Chen
2023-02-27 16:24 ` [PATCH 1/2] knownnetworks: fix potential out of bounds write Denis Kenzior
1 sibling, 0 replies; 3+ messages in thread
From: Jiajie Chen @ 2023-02-26 6:25 UTC (permalink / raw)
To: iwd; +Cc: Jiajie Chen
Force conversion to unsigned char before printing to avoid sign
extension when printing SSID in hex. For example, if there are CJK
characters in SSID, it will generate a very long string like
/net/connman/iwd/ffffffe8ffffffaeffffffa1.
---
src/knownnetworks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/knownnetworks.c b/src/knownnetworks.c
index 6c575e50..d4d50a6f 100644
--- a/src/knownnetworks.c
+++ b/src/knownnetworks.c
@@ -174,7 +174,7 @@ static const char *known_network_get_path(const struct network_info *network)
for (i = 0; network->ssid[i] && pos < sizeof(path); i++)
pos += snprintf(path + pos, sizeof(path) - pos, "%02x",
- network->ssid[i]);
+ (unsigned char)network->ssid[i]);
if (pos < sizeof(path))
snprintf(path + pos, sizeof(path) - pos, "_%s",
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/2] knownnetworks: fix potential out of bounds write
2023-02-26 6:25 [PATCH 1/2] knownnetworks: fix potential out of bounds write Jiajie Chen
2023-02-26 6:25 ` [PATCH 2/2] knownnetworks: fix printing SSID in hex Jiajie Chen
@ 2023-02-27 16:24 ` Denis Kenzior
1 sibling, 0 replies; 3+ messages in thread
From: Denis Kenzior @ 2023-02-27 16:24 UTC (permalink / raw)
To: Jiajie Chen, iwd
Hi Jiajie,
On 2/26/23 00:25, Jiajie Chen wrote:
> If a very long ssid was used (e.g. CJK characters in SSID), it might do
> out of bounds write to static variable for lack of checking the position
> before the last snprintf() call.
> ---
> src/knownnetworks.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
Nice catch. Applied, thanks.
Regards,
-Denis
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-02-27 16:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-26 6:25 [PATCH 1/2] knownnetworks: fix potential out of bounds write Jiajie Chen
2023-02-26 6:25 ` [PATCH 2/2] knownnetworks: fix printing SSID in hex Jiajie Chen
2023-02-27 16:24 ` [PATCH 1/2] knownnetworks: fix potential out of bounds write Denis Kenzior
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).