DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

hostapd_cli: Use os_exec() for action script execution

Browse source 
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2014-10-06 18:49:01 +03:00 committed by Jouni Malinen
parent c5f258de76
commit 5d4fa2a29b
1 changed files with 8 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
hostapd/hostapd_cli.c
View file

@ -238,28 +238,19 @@ static int hostapd_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
static int hostapd_cli_exec(const char *program, const char *arg1, static int hostapd_cli_exec(const char *program, const char *arg1,
const char *arg2) const char *arg2)
{ {
char *cmd; char *arg;
size_t len; size_t len;
int res; int res;
int ret = 0;
len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3; len = os_strlen(arg1) + os_strlen(arg2) + 2;
cmd = os_malloc(len); arg = os_malloc(len);
if (cmd == NULL) if (arg == NULL)
return -1; return -1;
res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2); os_snprintf(arg, len, "%s %s", arg1, arg2);
if (res < 0 || (size_t) res >= len) { res = os_exec(program, arg, 1);
os_free(cmd); os_free(arg);
return -1;
}
cmd[len - 1] = '\0';
#ifndef _WIN32_WCE
if (system(cmd) < 0)
ret = -1;
#endif /* _WIN32_WCE */
os_free(cmd);
return ret; return res;
} }