zhao/immortalwrt-mt798x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(rrm.c): fix unbounded ssid

Browse Source
This commit is contained in:
trkwyk
2026-01-22 23:11:00 +08:00
committed by zerowrt-bot
parent 4399b317fd
commit 252d7352d7
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
package/mtk/drivers/mt_wifi/patches-7661/022-fix-rrm-snprintf-error.patch Normal file
View File

@@ -0,0 +1,17 @@
--- a/mt_wifi/embedded/common/rrm.c 2025-04-08 12:54:09.000000000 +0800
+++ b/mt_wifi/embedded/common/rrm.c 2026-01-22 21:50:27.508920117 +0800
@@ -833,13 +833,12 @@
} else {
if (RRM_PeerNeighborReqSanity(pAd, Elem->Msg, Elem->MsgLen, &DialogToken, &pSsid, &SsidLen)) {
MTWF_DBG(pAd, DBG_CAT_PROTO, CATPROTO_RRM, DBG_LVL_INFO, "DialogToken=%x\n", DialogToken);
- ret = snprintf(ssidbuf, sizeof(ssidbuf), "%s", pSsid);
+ ret = snprintf(ssidbuf, sizeof(ssidbuf), "%.*s", SsidLen, pSsid);
if (os_snprintf_error(sizeof(ssidbuf), ret)) {
MTWF_DBG(pAd, DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_ERROR,
"snprintf error!\n");
return;
}
- ssidbuf[SsidLen] = '\0';
MTWF_DBG(pAd, DBG_CAT_PROTO, CATPROTO_RRM, DBG_LVL_INFO, "pSsid=%s\n", ssidbuf);
MTWF_DBG(pAd, DBG_CAT_PROTO, CATPROTO_RRM, DBG_LVL_INFO, "SsidLen=%d\n", SsidLen);
RRM_EnqueueNeighborRep(pAd, pEntry, DialogToken, pSsid, SsidLen);

17
package/mtk/drivers/mt_wifi/patches-7673/022-fix-rrm-snprintf-error.patch Normal file
View File

@@ -0,0 +1,17 @@
--- a/mt_wifi/embedded/common/rrm.c 2025-04-08 12:54:09.000000000 +0800
+++ b/mt_wifi/embedded/common/rrm.c 2026-01-22 21:50:27.508920117 +0800
@@ -833,13 +833,12 @@
} else {
if (RRM_PeerNeighborReqSanity(pAd, Elem->Msg, Elem->MsgLen, &DialogToken, &pSsid, &SsidLen)) {
MTWF_DBG(pAd, DBG_CAT_PROTO, CATPROTO_RRM, DBG_LVL_INFO, "DialogToken=%x\n", DialogToken);
- ret = snprintf(ssidbuf, sizeof(ssidbuf), "%s", pSsid);
+ ret = snprintf(ssidbuf, sizeof(ssidbuf), "%.*s", SsidLen, pSsid);
if (os_snprintf_error(sizeof(ssidbuf), ret)) {
MTWF_DBG(pAd, DBG_CAT_ALL, DBG_SUBCAT_ALL, DBG_LVL_ERROR,
"snprintf error!\n");
return;
}
- ssidbuf[SsidLen] = '\0';
MTWF_DBG(pAd, DBG_CAT_PROTO, CATPROTO_RRM, DBG_LVL_INFO, "pSsid=%s\n", ssidbuf);
MTWF_DBG(pAd, DBG_CAT_PROTO, CATPROTO_RRM, DBG_LVL_INFO, "SsidLen=%d\n", SsidLen);
RRM_EnqueueNeighborRep(pAd, pEntry, DialogToken, pSsid, SsidLen);