From: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Date: Wed, 25 Sep 2013 09:34:35 +0000 (+0300)
Subject: Fix wpa_config_parse_string() to null terminate printf decoded values
X-Git-Tag: hostap_2_1~930
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=913c19c6e54c74b7ca061d877907bca7206a4de9;p=mech_eap.git

Fix wpa_config_parse_string() to null terminate printf decoded values

printf_decode() fills in a binary buffer and returns the length of
the written data. This did not use null termination since initial
use cases used the output as a binary value. However, Hotspot 2.0
cred block values are also using this for parsing strings. Those
cases could end up without proper null termination depending on what
os_malloc() ends up getting as the memory buffer. Fix these and make
printf_decode() more convenient by forcing the output buffer to be
null terminated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/utils/common.c b/src/utils/common.c
index bf326cd..207d477 100644
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -400,7 +400,7 @@ size_t printf_decode(u8 *buf, size_t maxlen, const char *str)
 	int val;
 
 	while (*pos) {
-		if (len == maxlen)
+		if (len + 1 >= maxlen)
 			break;
 		switch (*pos) {
 		case '\\':
@@ -468,6 +468,8 @@ size_t printf_decode(u8 *buf, size_t maxlen, const char *str)
 			break;
 		}
 	}
+	if (maxlen > len)
+		buf[len] = '\0';
 
 	return len;
 }