4f08ee517505dcb568fc48418653175d9b6a56c8
[openwrt/staging/ansuel.git] /
1 From 5d4fa2a29bef013e61185beb21a3ec110885eb9a Mon Sep 17 00:00:00 2001
2 From: Jouni Malinen <jouni@qca.qualcomm.com>
3 Date: Mon, 6 Oct 2014 18:49:01 +0300
4 Subject: [PATCH 3/3] hostapd_cli: Use os_exec() for action script execution
5
6 Use os_exec() to run the action script operations to avoid undesired
7 command line processing for control interface event strings. Previously,
8 it could have been possible for some of the event strings to include
9 unsanitized data which is not suitable for system() use. (CVE-2014-3686)
10
11 Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
12 ---
13 hostapd/hostapd_cli.c | 25 ++++++++-----------------
14 1 file changed, 8 insertions(+), 17 deletions(-)
15
16 --- a/hostapd/hostapd_cli.c
17 +++ b/hostapd/hostapd_cli.c
18 @@ -238,28 +238,19 @@ static int hostapd_cli_cmd_mib(struct wp
19 static int hostapd_cli_exec(const char *program, const char *arg1,
20 const char *arg2)
21 {
22 - char *cmd;
23 + char *arg;
24 size_t len;
25 int res;
26 - int ret = 0;
27
28 - len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
29 - cmd = os_malloc(len);
30 - if (cmd == NULL)
31 + len = os_strlen(arg1) + os_strlen(arg2) + 2;
32 + arg = os_malloc(len);
33 + if (arg == NULL)
34 return -1;
35 - res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
36 - if (res < 0 || (size_t) res >= len) {
37 - os_free(cmd);
38 - return -1;
39 - }
40 - cmd[len - 1] = '\0';
41 -#ifndef _WIN32_WCE
42 - if (system(cmd) < 0)
43 - ret = -1;
44 -#endif /* _WIN32_WCE */
45 - os_free(cmd);
46 + os_snprintf(arg, len, "%s %s", arg1, arg2);
47 + res = os_exec(program, arg, 1);
48 + os_free(arg);
49
50 - return ret;
51 + return res;
52 }
53
54