wifi/esp32: Fix overflow in SSID copy
In the previous code, strnlen could have returned WIFI_SSID_MAX_LEN, and the following statement ensuring NUL termination would have written one past the end of the array. Replace this with code that ensures a NUL termination within the bounds of the array and then use strlen to compute the length. Signed-off-by: Keith Packard <keithp@keithp.com>
parent
df1cd1b0b1
commit
ec38e9ef64
1 changed files with 4 additions and 2 deletions
|
@ -770,8 +770,10 @@ static int esp32_wifi_status(const struct device *dev, struct wifi_iface_status
|
|||
}
|
||||
|
||||
strncpy(status->ssid, data->status.ssid, WIFI_SSID_MAX_LEN);
|
||||
status->ssid_len = strnlen(data->status.ssid, WIFI_SSID_MAX_LEN);
|
||||
status->ssid[status->ssid_len] = '\0';
|
||||
/* Ensure the result is NUL terminated */
|
||||
status->ssid[WIFI_SSID_MAX_LEN-1] = '\0';
|
||||
/* We know it is NUL terminated, so we can use strlen */
|
||||
status->ssid_len = strlen(data->status.ssid);
|
||||
status->band = WIFI_FREQ_BAND_2_4_GHZ;
|
||||
status->link_mode = WIFI_LINK_MODE_UNKNOWN;
|
||||
status->mfp = WIFI_MFP_DISABLE;
|
||||
|
|
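Review bot: The new length line calls `strlen(data->status.ssid)`, which measures the source buffer, while the terminator written one line earlier went into `status->ssid`; the comment "We know it is NUL terminated" therefore does not hold for the array being measured. If the source holds WIFI_SSID_MAX_LEN bytes with no NUL (the case the commit message describes), strlen reads past its end and `ssid_len` can exceed the truncated copy, so a caller that trusts `ssid_len` would over-read `status->ssid`. Measure the destination instead: `status->ssid_len = strlen(status->ssid);`. Separately, terminating at index `WIFI_SSID_MAX_LEN-1` drops the last byte of a maximum-length SSID, which looks unavoidable unless the array (declared outside this hunk) has room for one more byte. esp32_wifi_status starts and ends outside the hunk.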