printf_decode() fills in a binary buffer and returns the length of
the written data. This did not use null termination since initial
use cases used the output as a binary value. However, Hotspot 2.0
cred block values are also using this for parsing strings. Those
cases could end up without proper null termination depending on what
os_malloc() ends up getting as the memory buffer. Fix these and make
printf_decode() more convenient by forcing the output buffer to be
null terminated.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
int val;
while (*pos) {
- if (len == maxlen)
+ if (len + 1 >= maxlen)
break;
switch (*pos) {
case '\\':
break;
}
}
+ if (maxlen > len)
+ buf[len] = '\0';
return len;
}