55 lines
1.5 KiB
Diff
55 lines
1.5 KiB
Diff
From 5d4fa2a29bef013e61185beb21a3ec110885eb9a Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
|
Date: Mon, 6 Oct 2014 18:49:01 +0300
|
|
Subject: [PATCH 3/3] hostapd_cli: Use os_exec() for action script execution
|
|
|
|
Use os_exec() to run the action script operations to avoid undesired
|
|
command line processing for control interface event strings. Previously,
|
|
it could have been possible for some of the event strings to include
|
|
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
|
|
|
|
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
|
---
|
|
hostapd/hostapd_cli.c | 25 ++++++++-----------------
|
|
1 file changed, 8 insertions(+), 17 deletions(-)
|
|
|
|
--- a/hostapd/hostapd_cli.c
|
|
+++ b/hostapd/hostapd_cli.c
|
|
@@ -238,28 +238,19 @@ static int hostapd_cli_cmd_mib(struct wp
|
|
static int hostapd_cli_exec(const char *program, const char *arg1,
|
|
const char *arg2)
|
|
{
|
|
- char *cmd;
|
|
+ char *arg;
|
|
size_t len;
|
|
int res;
|
|
- int ret = 0;
|
|
|
|
- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
|
|
- cmd = os_malloc(len);
|
|
- if (cmd == NULL)
|
|
+ len = os_strlen(arg1) + os_strlen(arg2) + 2;
|
|
+ arg = os_malloc(len);
|
|
+ if (arg == NULL)
|
|
return -1;
|
|
- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
|
|
- if (res < 0 || (size_t) res >= len) {
|
|
- os_free(cmd);
|
|
- return -1;
|
|
- }
|
|
- cmd[len - 1] = '\0';
|
|
-#ifndef _WIN32_WCE
|
|
- if (system(cmd) < 0)
|
|
- ret = -1;
|
|
-#endif /* _WIN32_WCE */
|
|
- os_free(cmd);
|
|
+ os_snprintf(arg, len, "%s %s", arg1, arg2);
|
|
+ res = os_exec(program, arg, 1);
|
|
+ os_free(arg);
|
|
|
|
- return ret;
|
|
+ return res;
|
|
}
|
|
|
|
|