authorJouni Malinen <jouni@qca.qualcomm.com>2014-10-06 15:49:01 (GMT)
committerJouni Malinen <j@w1.fi>2014-10-09 14:38:25 (GMT)
commit5d4fa2a29bef013e61185beb21a3ec110885eb9a (patch)
treee7121d4298fd1f7bd21347bf1c3884a09246bc68 /hostapd
parentc5f258de76dbb67fb64beab39a99e5c5711f41fe (diff)
hostapd_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired command line processing for control interface event strings. Previously, it could have been possible for some of the event strings to include unsanitized data which is not suitable for system() use. (CVE-2014-3686) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/hostapd_cli.c25
1 files changed, 8 insertions, 17 deletions
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 09b7284..9e62bef 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -238,28 +238,19 @@ static int hostapd_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[])
static int hostapd_cli_exec(const char *program, const char *arg1,
const char *arg2)
{
- char *cmd;
+ char *arg;
size_t len;
int res;
- int ret = 0;
- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
- cmd = os_malloc(len);
- if (cmd == NULL)
+ len = os_strlen(arg1) + os_strlen(arg2) + 2;
+ arg = os_malloc(len);
+ if (arg == NULL)
return -1;
- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
- if (res < 0 || (size_t) res >= len) {
- os_free(cmd);
- return -1;
- }
- cmd[len - 1] = '\0';
-#ifndef _WIN32_WCE
- if (system(cmd) < 0)
- ret = -1;
-#endif /* _WIN32_WCE */
- os_free(cmd);
+ os_snprintf(arg, len, "%s %s", arg1, arg2);
+ res = os_exec(program, arg, 1);
+ os_free(arg);
- return ret;
+ return res;
}
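Review bot: The string built by `os_snprintf(arg, len, "%s %s", arg1, arg2)` still joins both values into one `arg` separated by a single space, so the argument boundaries the action script ends up seeing depend on how os_exec() splits that string, which this hunk does not show. Dropping system() removes shell interpretation inside hostapd_cli, but the event data (presumably `arg2`, going by the commit message) still reaches the script verbatim, and a script that expands its arguments unquoted or feeds them to `eval` would reintroduce the same class of problem. I would document that contract above the call, e.g. `/* No shell is involved here; arg1/arg2 may carry unsanitized ctrl_iface event text, so the action script must treat its arguments as untrusted. */`. Separately, the function now returns the os_exec() result instead of the old 0/-1, so callers that compare the return value should be checked, and the unchecked `os_snprintf()` deserves a short comment noting that `len` is sized exactly for both strings plus the separator and terminator.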