Check sscanf() return value in TWT_SETUP parsing

Reject invalid values instead of proceeding. Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 16:55:45 +03:00 · 2022-05-08 16:55:45 +03:00 · 3f3ce0571c
commit 3f3ce0571c
parent 2982e50c15
1 changed files with 3 additions and 2 deletions
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@ -10027,8 +10027,9 @@ static int wpas_ctrl_iface_send_twt_setup(struct wpa_supplicant *wpa_s,
 		setup_cmd = atoi(tok_s + os_strlen(" setup_cmd="));

 	tok_s = os_strstr(cmd, " twt=");
-	if (tok_s)
-		sscanf(tok_s + os_strlen(" twt="), "%llu", &twt);
+	if (tok_s &&
+	    sscanf(tok_s + os_strlen(" twt="), "%llu", &twt) != 1)
+		return -1;

 	tok_s = os_strstr(cmd, " requestor=");
 	if (tok_s)