drivers/wifi/esp_at: Increase sprintk buffers to hold parameter types
This driver uses stack buffers to hold AT command strings which are generated at runtime using sprintk. The buffers are only sized for the expected range of values, not the full possible range given the datatypes involved. Values outside this expected range could cause a buffer overflow. To mitigate this, increase the size of each buffer to hold the full range of each parameter type. Signed-off-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
parent
87367afa80
commit
9b2aed731a
2 changed files with 3 additions and 3 deletions
|
@ -38,7 +38,7 @@ static int esp_listen(struct net_context *context, int backlog)
|
|||
|
||||
static int _sock_connect(struct esp_data *dev, struct esp_socket *sock)
|
||||
{
|
||||
char connect_msg[sizeof("AT+CIPSTART=0,\"TCP\",\"\",65535,7200") +
|
||||
char connect_msg[sizeof("AT+CIPSTART=000,\"TCP\",\"\",65535,7200") +
|
||||
NET_IPV4_ADDR_LEN];
|
||||
char addr_str[NET_IPV4_ADDR_LEN];
|
||||
struct sockaddr dst;
|
||||
|
@ -482,7 +482,7 @@ void esp_recvdata_work(struct k_work *work)
|
|||
struct esp_socket *sock = CONTAINER_OF(work, struct esp_socket,
|
||||
recvdata_work);
|
||||
struct esp_data *data = esp_socket_to_dev(sock);
|
||||
char cmd[sizeof("AT+CIPRECVDATA=0,"STRINGIFY(CIPRECVDATA_MAX_LEN))];
|
||||
char cmd[sizeof("AT+CIPRECVDATA=000,"STRINGIFY(CIPRECVDATA_MAX_LEN))];
|
||||
static const struct modem_cmd cmds[] = {
|
||||
MODEM_CMD_DIRECT(_CIPRECVDATA, on_cmd_ciprecvdata),
|
||||
};
|
||||
|
|
|
@ -198,7 +198,7 @@ void esp_socket_rx(struct esp_socket *sock, struct net_buf *buf,
|
|||
void esp_socket_close(struct esp_socket *sock)
|
||||
{
|
||||
struct esp_data *dev = esp_socket_to_dev(sock);
|
||||
char cmd_buf[sizeof("AT+CIPCLOSE=0")];
|
||||
char cmd_buf[sizeof("AT+CIPCLOSE=000")];
|
||||
int ret;
|
||||
|
||||
snprintk(cmd_buf, sizeof(cmd_buf), "AT+CIPCLOSE=%d",
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue