aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2014-10-06 14:25:52 (GMT)
committerJouni Malinen <j@w1.fi>2014-10-09 14:38:25 (GMT)
commitc5f258de76dbb67fb64beab39a99e5c5711f41fe (patch)
tree9af2be30542c35a5c88e69e30dca08e268224659
parent89de07a9442072f88d49869d8ecd8d42bae050a0 (diff)
downloadhostap-c5f258de76dbb67fb64beab39a99e5c5711f41fe.zip
hostap-c5f258de76dbb67fb64beab39a99e5c5711f41fe.tar.gz
hostap-c5f258de76dbb67fb64beab39a99e5c5711f41fe.tar.bz2
wpa_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired command line processing for control interface event strings. Previously, it could have been possible for some of the event strings to include unsanitized data which is not suitable for system() use. (CVE-2014-3686) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--wpa_supplicant/wpa_cli.c25
1 files changed, 8 insertions, 17 deletions
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 18b9b77..fe30b41 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -3159,28 +3159,19 @@ static int str_match(const char *a, const char *b)
static int wpa_cli_exec(const char *program, const char *arg1,
const char *arg2)
{
- char *cmd;
+ char *arg;
size_t len;
int res;
- int ret = 0;
- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
- cmd = os_malloc(len);
- if (cmd == NULL)
- return -1;
- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
- if (res < 0 || (size_t) res >= len) {
- os_free(cmd);
+ len = os_strlen(arg1) + os_strlen(arg2) + 2;
+ arg = os_malloc(len);
+ if (arg == NULL)
return -1;
- }
- cmd[len - 1] = '\0';
-#ifndef _WIN32_WCE
- if (system(cmd) < 0)
- ret = -1;
-#endif /* _WIN32_WCE */
- os_free(cmd);
+ os_snprintf(arg, len, "%s %s", arg1, arg2);
+ res = os_exec(program, arg, 1);
+ os_free(arg);
- return ret;
+ return res;
}