authorZeeshan Ali <zeeshanak@gnome.org>2019-09-27 12:47:14 +0200
committerZeeshan Ali <zeeshanak@gnome.org>2019-09-27 12:49:43 +0200
commitc6a713a541b03b611fc36aa33c723b161e80dcac (patch)
tree6695233ee48f268073098dcd26f064b6a25db3f1
parent57efed15b09c5c78891f6fa1bfe5a7aee64a8fb8 (diff)
downloadgeoclue-c6a713a541b03b611fc36aa33c723b161e80dcac.tar.gz
mozilla: Don't read beyond the buffer boundry
This fixes a buffer-overflow.
-rw-r--r--src/gclue-mozilla.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/gclue-mozilla.c b/src/gclue-mozilla.c
index 26a9974..016ba66 100644
--- a/src/gclue-mozilla.c
+++ b/src/gclue-mozilla.c
@@ -86,13 +86,16 @@ get_bssid_from_bss (WPABSS *bss)
return NULL;
raw_bssid = variant_to_string (variant, &raw_len);
- len = raw_len * 2 + raw_len;
+ if (raw_bssid == NULL)
+ return NULL;
+
+ len = raw_len * 2;
bssid = g_malloc (len);
- for (i = 0, j = 0; i < len; i = i + 3, j++)
- g_snprintf (bssid + i,
- 4,
- "%02x:",
- (unsigned char) raw_bssid[j]);
+ for (i = 0, j = 0; i < len - 3; i = i + 2, j++) {
+ unsigned char c = (unsigned char) raw_bssid[j];
+
+ g_snprintf (bssid + i, 3, "%02x:", c);
+ }
bssid[len - 1] = '\0';
return bssid;
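Review bot: The new loop bound `i < len - 3` and the terminator write `bssid[len - 1] = '\0'` both assume `raw_len` is at least 2; if `len` is an unsigned type such as `gsize` (its declaration is outside the hunk), a `raw_len` of 0 or 1 wraps `len - 3` to a huge value and the loop indexes past both `raw_bssid` and `bssid`. Because the length comes from the `WPABSS` variant rather than from this function, I would reject short values right after the NULL check, e.g. `if (raw_len < 2) return NULL;`, releasing `raw_bssid` first if this function owns it (not visible here). Separately, passing 3 as the size to `g_snprintf` truncates the `:` in `"%02x:"`, and the loop appears to stop one byte short of the end of `raw_bssid`, so the result looks like unseparated hex missing the last octet; please confirm that is the intended format, or size the buffer per octet instead. `get_bssid_from_bss` begins and ends outside this hunk.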