author | Zeeshan Ali <zeeshanak@gnome.org> | 2019-09-27 12:47:14 +0200 |
---|---|---|
committer | Zeeshan Ali <zeeshanak@gnome.org> | 2019-09-27 12:49:43 +0200 |
commit | c6a713a541b03b611fc36aa33c723b161e80dcac (patch) | |
tree | 6695233ee48f268073098dcd26f064b6a25db3f1 | |
parent | 57efed15b09c5c78891f6fa1bfe5a7aee64a8fb8 (diff) | |
download | geoclue-c6a713a541b03b611fc36aa33c723b161e80dcac.tar.gz |
mozilla: Don't read beyond the buffer boundry
This fixes a buffer-overflow.
-rw-r--r-- | src/gclue-mozilla.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/gclue-mozilla.c b/src/gclue-mozilla.c
index 26a9974..016ba66 100644
--- a/src/gclue-mozilla.c
+++ b/src/gclue-mozilla.c
@@ -86,13 +86,16 @@ get_bssid_from_bss (WPABSS *bss)
 return NULL;
 raw_bssid = variant_to_string (variant, &raw_len);
- len = raw_len * 2 + raw_len;
+ if (raw_bssid == NULL)
+ return NULL;
+
+ len = raw_len * 2;
 bssid = g_malloc (len);
- for (i = 0, j = 0; i < len; i = i + 3, j++)
- g_snprintf (bssid + i,
- 4,
- "%02x:",
- (unsigned char) raw_bssid[j]);
+ for (i = 0, j = 0; i < len - 3; i = i + 2, j++) {
+ unsigned char c = (unsigned char) raw_bssid[j];
+
+ g_snprintf (bssid + i, 3, "%02x:", c);
+ }
 bssid[len - 1] = '\0';
 return bssid;
|
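Review bot: The rewritten loop in get_bssid_from_bss no longer produces a colon-separated BSSID. With a size argument of 3, g_snprintf truncates `"%02x:"` to two hex digits plus the NUL, and with a stride of 2 and the bound `i < len - 3` a 6-byte address yields only five octets (a constructed example: `aabbccddee`), so anything comparing against the `aa:bb:cc:dd:ee:ff` form would presumably stop matching. If `len` is unsigned (its declaration is outside the hunk), `len - 3` also wraps when raw_len is 1, and the loop then indexes far past both raw_bssid and bssid. Sizing the output at three bytes per octet and bounding each write by the space left keeps the format and stays in bounds: `len = raw_len * 3;`, `for (i = 0, j = 0; j < raw_len; i += 3, j++) {` and `g_snprintf (bssid + i, len - i, "%02x:", c);`, where the last call drops the trailing colon so `bssid[len - 1] = '\0'` remains correct. The function starts and ends outside the hunk, so the types of `i`, `len` and `raw_len`, and what variant_to_string returns for an empty variant, need checking there.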