diff options
author | Ouden <Ouden.Biz@gmail.com> | 2020-03-18 17:58:37 +0800 |
---|---|---|
committer | Andrej Shadura <andrewsh@debian.org> | 2020-03-24 11:13:16 +0100 |
commit | 536acf7502a0ad06771c12da33bd404420bccf1b (patch) | |
tree | 972bf3a9a3885f285b6999016b737e774d99758e | |
parent | 4d77daf2aed9567eb279ae225119a85607b16ab1 (diff) |
nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length
If the kernel rtm_newlink or rtm_dellink send the maximum length of
ifname (IFNAMSIZ), the event handlers in
wpa_driver_nl80211_event_rtm_addlink() and
wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
NULL termination, that equals the IFNAMSIZ.
Fix the condition when IFNAME reach maximum size.
Signed-off-by: Ouden <Ouden.Biz@gmail.com>
Gbp-Pq: Topic upstream-fixes
Gbp-Pq: Name 0006-nl80211-fix-RTM-NEW-DELLINK-IFLA_IFNAME.patch
-rw-r--r-- | src/drivers/driver_nl80211.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 0a356ee..47df47f 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, while (RTA_OK(attr, attrlen)) { switch (attr->rta_type) { case IFLA_IFNAME: - if (RTA_PAYLOAD(attr) >= IFNAMSIZ) + if (RTA_PAYLOAD(attr) > IFNAMSIZ) break; os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); ifname[RTA_PAYLOAD(attr)] = '\0'; @@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, while (RTA_OK(attr, attrlen)) { switch (attr->rta_type) { case IFLA_IFNAME: - if (RTA_PAYLOAD(attr) >= IFNAMSIZ) + if (RTA_PAYLOAD(attr) > IFNAMSIZ) break; os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); ifname[RTA_PAYLOAD(attr)] = '\0'; |