Check snprintf() return values to silence compiler warnings
Some compilers warn about potential buffer truncation if the snprintf()
return value is not checked.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
diff --git a/ap.c b/ap.c
index 941a0d4..0c71c94 100644
--- a/ap.c
+++ b/ap.c
@@ -1651,7 +1651,7 @@
DIR *dir;
struct dirent *entry;
char buf[128], path[128];
- int ret = 0;
+ int ret = 0, res;
dir = opendir(dir_path);
if (!dir)
@@ -1664,21 +1664,22 @@
strcmp(entry->d_name, "..") == 0)
continue;
- snprintf(path, sizeof(path) - 1, "%s/%s",
- dir_path, entry->d_name);
- path[sizeof(path) - 1] = 0;
+ res = snprintf(path, sizeof(path) - 1, "%s/%s",
+ dir_path, entry->d_name);
+ if (res < 0 || res >= sizeof(path))
+ continue;
if (strcmp(entry->d_name, sta_mac) == 0) {
- snprintf(buf, sizeof(buf), "echo 1 > %s/aggr_mode",
- path);
- if (system(buf) != 0) {
+ res = snprintf(buf, sizeof(buf),
+ "echo 1 > %s/aggr_mode", path);
+ if (res < 0 || res >= sizeof(buf) || system(buf) != 0) {
sigma_dut_print(dut, DUT_MSG_ERROR,
"Failed to set aggr mode for ath10k");
}
- snprintf(buf, sizeof(buf), "echo %d 32 > %s/addba",
- tid, path);
- if (system(buf) != 0) {
+ res = snprintf(buf, sizeof(buf),
+ "echo %d 32 > %s/addba", tid, path);
+ if (res < 0 || res >= sizeof(buf) || system(buf) != 0) {
sigma_dut_print(dut, DUT_MSG_ERROR,
"Failed to set addbareq for ath10k");
}
@@ -2272,19 +2273,23 @@
const char *val)
{
char buf[256];
+ int res;
if (val == NULL) {
- snprintf(buf, sizeof(buf),
- "uci delete wireless.@wifi-iface[%d].%s", id, key);
- run_system(dut, buf);
+ res = snprintf(buf, sizeof(buf),
+ "uci delete wireless.@wifi-iface[%d].%s",
+ id, key);
+ if (res >= 0 && res < sizeof(buf))
+ run_system(dut, buf);
return;
}
- snprintf(buf, sizeof(buf), "uci add wireless wifi-iface");
- run_system(dut, buf);
- snprintf(buf, sizeof(buf), "uci set wireless.@wifi-iface[%d].%s=%s",
- id, key, val);
- run_system(dut, buf);
+ run_system(dut, "uci add wireless wifi-iface");
+ res = snprintf(buf, sizeof(buf),
+ "uci set wireless.@wifi-iface[%d].%s=%s",
+ id, key, val);
+ if (res >= 0 && res < sizeof(buf))
+ run_system(dut, buf);
snprintf(buf, sizeof(buf), "uci set wireless.@wifi-iface[%d].%s=%s",
id, "network", "lan");
run_system(dut, buf);
@@ -2873,7 +2878,7 @@
static int owrt_ap_config_vap(struct sigma_dut *dut)
{
char buf[256], *temp;
- int vap_id = 0, vap_count, i, j;
+ int vap_id = 0, vap_count, i, j, res;
const char *ifname;
char ifname2[50];
@@ -2911,9 +2916,15 @@
if (wlan_tag == 2 && dut->program == PROGRAM_WPA3 &&
(dut->ap_interface_5g || dut->ap_interface_2g)) {
- snprintf(dut->ap_tag_ssid[wlan_tag - 2],
- sizeof(dut->ap_tag_ssid[wlan_tag - 2]),
- "%s-owe", dut->ap_ssid);
+ res = snprintf(
+ dut->ap_tag_ssid[wlan_tag - 2],
+ sizeof(dut->ap_tag_ssid[wlan_tag - 2]),
+ "%s-owe", dut->ap_ssid);
+ if (res < 0 ||
+ res >= sizeof(dut->ap_tag_ssid[wlan_tag -
+ 2]))
+ dut->ap_tag_ssid[wlan_tag - 2][0] =
+ '\0';
}
if (dut->ap_tag_ssid[j][0] == '\0')
@@ -3947,7 +3958,7 @@
FILE *fp;
char *pid, *temp;
char *saveptr;
- int ret = -1;
+ int ret = -1, res;
if (dir == NULL)
return ret;
@@ -3956,7 +3967,9 @@
if (dp->d_type != DT_DIR)
continue;
- snprintf(buf, sizeof(buf), "%s%s", direc, dp->d_name);
+ res = snprintf(buf, sizeof(buf), "%s%s", direc, dp->d_name);
+ if (res < 0 || res >= sizeof(buf))
+ continue;
dir_in = opendir(buf);
if (dir_in == NULL)
continue;
@@ -3964,7 +3977,10 @@
closedir(dir_in);
if (dp_in == NULL)
continue;
- snprintf(buf, sizeof(buf), "%s%s/stat", direc, dp->d_name);
+ res = snprintf(buf, sizeof(buf), "%s%s/stat",
+ direc, dp->d_name);
+ if (res < 0 || res >= sizeof(buf))
+ continue;
fp = fopen(buf, "r");
if (fp == NULL)
continue;
@@ -5830,6 +5846,7 @@
char buf[100];
struct stat s;
const char *ifname = dut->ap_is_dual ? "ath1" : "ath0";
+ int res;
if (stat("/proc/athversion", &s) == 0) {
sigma_dut_print(dut, DUT_MSG_INFO, "Run apdown");
@@ -5877,8 +5894,10 @@
/* TODO: SAE configuration */
run_system(dut, "cfg -a AP_SECMODE=WPA");
run_system(dut, "cfg -a AP_SECFILE=PSK");
- snprintf(buf, sizeof(buf), "cfg -a 'PSK_KEY=%s'",
- dut->ap_passphrase);
+ res = snprintf(buf, sizeof(buf), "cfg -a 'PSK_KEY=%s'",
+ dut->ap_passphrase);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
if (dut->ap_cipher == AP_CCMP_TKIP)
run_system(dut, "cfg -a AP_CYPHER=\"CCMP TKIP\"");
@@ -5910,8 +5929,10 @@
snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_PORT=%d",
dut->ap_radius_port);
run_system(dut, buf);
- snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_SECRET=%s",
- dut->ap_radius_password);
+ res = snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_SECRET=%s",
+ dut->ap_radius_password);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
break;
case AP_WPA2_EAP_OSEN:
@@ -5981,8 +6002,11 @@
/* TODO: SAE configuration */
run_system(dut, "cfg -a AP_SECMODE_2=WPA");
run_system(dut, "cfg -a AP_SECFILE_2=PSK");
- snprintf(buf, sizeof(buf), "cfg -a 'PSK_KEY_2=%s'",
- dut->ap_passphrase);
+ res = snprintf(buf, sizeof(buf),
+ "cfg -a 'PSK_KEY_2=%s'",
+ dut->ap_passphrase);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
if (dut->ap_cipher == AP_CCMP_TKIP)
run_system(dut, "cfg -a AP_CYPHER_2=\"CCMP TKIP\"");
@@ -6015,8 +6039,11 @@
snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_PORT_2=%d",
dut->ap_radius_port);
run_system(dut, buf);
- snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_SECRET_2=%s",
- dut->ap_radius_password);
+ res = snprintf(buf, sizeof(buf),
+ "cfg -a AP_AUTH_SECRET_2=%s",
+ dut->ap_radius_password);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
break;
case AP_WPA2_EAP_OSEN:
@@ -6153,16 +6180,25 @@
run_system(dut, "cfg -a AP_SECMODE_2=WPA");
run_system(dut, "cfg -a AP_SECFILE_2=OSEN");
- snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_SERVER_2=%s",
- dut->ap2_radius_ipaddr);
+ res = snprintf(buf, sizeof(buf),
+ "cfg -a AP_AUTH_SERVER_2=%s",
+ dut->ap2_radius_ipaddr);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
- snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_PORT_2=%d",
- dut->ap2_radius_port);
+ res = snprintf(buf, sizeof(buf),
+ "cfg -a AP_AUTH_PORT_2=%d",
+ dut->ap2_radius_port);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
- snprintf(buf, sizeof(buf), "cfg -a AP_AUTH_SECRET_2=%s",
- dut->ap2_radius_password);
+ res = snprintf(buf, sizeof(buf),
+ "cfg -a AP_AUTH_SECRET_2=%s",
+ dut->ap2_radius_password);
+ if (res < 0 || res >= sizeof(buf))
+ return ERROR_SEND_STATUS;
run_system(dut, buf);
} else {
run_system(dut, "cfg -a AP_SECMODE_2=None");
@@ -8171,6 +8207,7 @@
char resp[200];
FILE *f;
enum driver_type drv = get_driver_type();
+ int res;
switch (drv) {
case DRIVER_ATHEROS: {
@@ -8200,15 +8237,17 @@
version = "Unknown";
if (if_nametoindex("ath1") > 0)
- snprintf(resp, sizeof(resp), "interface,ath0_24G "
- "ath1_5G,agent,1.0,version,%s/drv:%s",
- version, athver);
+ res = snprintf(resp, sizeof(resp),
+ "interface,ath0_24G ath1_5G,agent,1.0,version,%s/drv:%s",
+ version, athver);
else
- snprintf(resp, sizeof(resp), "interface,ath0_24G,"
- "agent,1.0,version,%s/drv:%s",
- version, athver);
-
- send_resp(dut, conn, SIGMA_COMPLETE, resp);
+ res = snprintf(resp, sizeof(resp),
+ "interface,ath0_24G,agent,1.0,version,%s/drv:%s",
+ version, athver);
+ if (res < 0 || res >= sizeof(resp))
+ send_resp(dut, conn, SIGMA_ERROR, NULL);
+ else
+ send_resp(dut, conn, SIGMA_COMPLETE, resp);
return 0;
}
case DRIVER_LINUX_WCN:
@@ -10439,6 +10478,7 @@
channel_freq;
char buf[100];
char *saveptr;
+ int res;
/* Extract the channel info */
token = strdup(val);
@@ -10463,10 +10503,10 @@
channel_freq = get_5g_channel_freq(channel);
/* Issue the channel switch command */
- snprintf(buf, sizeof(buf),
- " -i %s chan_switch 10 %d sec_channel_offset=1 center_freq1=%d bandwidth=%d blocktx vht",
- ifname, channel_freq, center_freq, chwidth);
- if (run_hostapd_cli(dut,buf) != 0) {
+ res = snprintf(buf, sizeof(buf),
+ " -i %s chan_switch 10 %d sec_channel_offset=1 center_freq1=%d bandwidth=%d blocktx vht",
+ ifname, channel_freq, center_freq, chwidth);
+ if (res < 0 || res >= sizeof(buf) || run_hostapd_cli(dut, buf) != 0) {
sigma_dut_print(dut, DUT_MSG_ERROR,
"hostapd_cli chan_switch failed");
}
diff --git a/basic.c b/basic.c
index feabc1d..8ae95ad 100644
--- a/basic.c
+++ b/basic.c
@@ -82,6 +82,7 @@
#ifdef __linux__
char model_buf[128];
char ver_buf[256];
+ int res;
#endif /* __linux__ */
char resp[512];
@@ -180,17 +181,19 @@
close(fd);
}
}
- snprintf(ver_buf, sizeof(ver_buf),
- "drv=%s%s%s%s%s%s%s/sigma=" SIGMA_DUT_VER "%s%s",
- compat_ver,
- wpa_supplicant_ver[0] ? "/wpas=" : "",
- wpa_supplicant_ver,
- hostapd_ver[0] ? "/hapd=" : "",
- hostapd_ver,
- host_fw_ver[0] ? "/wlan=" : "",
- host_fw_ver,
- dut->version ? "@" : "",
- dut->version ? dut->version : "");
+ res = snprintf(ver_buf, sizeof(ver_buf),
+ "drv=%s%s%s%s%s%s%s/sigma=" SIGMA_DUT_VER "%s%s",
+ compat_ver,
+ wpa_supplicant_ver[0] ? "/wpas=" : "",
+ wpa_supplicant_ver,
+ hostapd_ver[0] ? "/hapd=" : "",
+ hostapd_ver,
+ host_fw_ver[0] ? "/wlan=" : "",
+ host_fw_ver,
+ dut->version ? "@" : "",
+ dut->version ? dut->version : "");
+ if (res < 0 || res >= sizeof(ver_buf))
+ return ERROR_SEND_STATUS;
version = ver_buf;
}
#endif /* __linux__ */
diff --git a/dpp.c b/dpp.c
index 31a521c..0c3386a 100644
--- a/dpp.c
+++ b/dpp.c
@@ -69,6 +69,7 @@
const char *chan_list = get_param(cmd, "DPPChannelList");
char *pos, mac[50], buf[200], resp[1000], hex[2000];
const char *ifname = get_station_ifname();
+ int res;
if (success)
*success = 0;
@@ -118,9 +119,9 @@
if (chan_list &&
(strcmp(chan_list, "0/0") == 0 || chan_list[0] == '\0')) {
/* No channel list */
- snprintf(buf, sizeof(buf),
- "DPP_BOOTSTRAP_GEN type=qrcode curve=%s mac=%s",
- curve, mac);
+ res = snprintf(buf, sizeof(buf),
+ "DPP_BOOTSTRAP_GEN type=qrcode curve=%s mac=%s",
+ curve, mac);
} else if (chan_list) {
/* Channel list override (CTT case) - space separated tuple(s)
* of OperatingClass/Channel; convert to wpa_supplicant/hostapd
@@ -130,17 +131,18 @@
if (*pos == ' ')
*pos = ',';
}
- snprintf(buf, sizeof(buf),
- "DPP_BOOTSTRAP_GEN type=qrcode curve=%s chan=%s mac=%s",
- curve, resp, mac);
+ res = snprintf(buf, sizeof(buf),
+ "DPP_BOOTSTRAP_GEN type=qrcode curve=%s chan=%s mac=%s",
+ curve, resp, mac);
} else {
/* Default channel list (normal DUT case) */
- snprintf(buf, sizeof(buf),
- "DPP_BOOTSTRAP_GEN type=qrcode curve=%s chan=81/11 mac=%s",
- curve, mac);
+ res = snprintf(buf, sizeof(buf),
+ "DPP_BOOTSTRAP_GEN type=qrcode curve=%s chan=81/11 mac=%s",
+ curve, mac);
}
- if (wpa_command_resp(ifname, buf, resp, sizeof(resp)) < 0)
+ if (res < 0 || res >= sizeof(buf) ||
+ wpa_command_resp(ifname, buf, resp, sizeof(resp)) < 0)
return -2;
if (strncmp(resp, "FAIL", 4) == 0)
return -2;
@@ -156,8 +158,9 @@
if (send_result) {
ascii2hexstr(resp, hex);
- snprintf(resp, sizeof(resp), "BootstrappingData,%s", hex);
- send_resp(dut, conn, SIGMA_COMPLETE, resp);
+ res = snprintf(resp, sizeof(resp), "BootstrappingData,%s", hex);
+ send_resp(dut, conn, SIGMA_COMPLETE,
+ res >= 0 && res < sizeof(resp) ? resp : NULL);
}
if (success)
@@ -1048,7 +1051,9 @@
break;
case 1:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
if (enrollee_ap) {
conf_role = "ap-dpp";
} else {
@@ -1058,7 +1063,9 @@
break;
case 2:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
snprintf(conf_pass, sizeof(conf_pass),
"psk=10506e102ad1e7f95112f6b127675bb8344dacacea60403f3fa4055aec85b0fc");
if (enrollee_ap)
@@ -1068,9 +1075,13 @@
break;
case 3:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
ascii2hexstr("ThisIsDppPassphrase", buf);
- snprintf(conf_pass, sizeof(conf_pass), "pass=%s", buf);
+ res = snprintf(conf_pass, sizeof(conf_pass), "pass=%s", buf);
+ if (res < 0 || res >= sizeof(conf_pass))
+ goto err;
if (enrollee_ap)
conf_role = "ap-psk";
else
@@ -1078,7 +1089,9 @@
break;
case 4:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
if (enrollee_ap) {
conf_role = "ap-dpp";
} else {
@@ -1088,9 +1101,13 @@
break;
case 5:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
ascii2hexstr("ThisIsDppPassphrase", buf);
- snprintf(conf_pass, sizeof(conf_pass), "pass=%s", buf);
+ res = snprintf(conf_pass, sizeof(conf_pass), "pass=%s", buf);
+ if (res < 0 || res >= sizeof(conf_pass))
+ goto err;
if (enrollee_ap)
conf_role = "ap-sae";
else
@@ -1098,9 +1115,13 @@
break;
case 6:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
ascii2hexstr("ThisIsDppPassphrase", buf);
- snprintf(conf_pass, sizeof(conf_pass), "pass=%s", buf);
+ res = snprintf(conf_pass, sizeof(conf_pass), "pass=%s", buf);
+ if (res < 0 || res >= sizeof(conf_pass))
+ goto err;
if (enrollee_ap)
conf_role = "ap-psk-sae";
else
@@ -1108,7 +1129,9 @@
break;
case 7:
ascii2hexstr("DPPNET01", buf);
- snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ res = snprintf(conf_ssid, sizeof(conf_ssid), "ssid=%s", buf);
+ if (res < 0 || res >= sizeof(conf_ssid))
+ goto err;
if (enrollee_ap) {
conf_role = "ap-dpp";
} else {
@@ -1802,6 +1825,9 @@
wpa_ctrl_close(ctrl);
dut->default_timeout = old_timeout;
return 0;
+err:
+ send_resp(dut, conn, SIGMA_ERROR, NULL);
+ goto out;
}
diff --git a/sta.c b/sta.c
index ec257c0..e4d26d2 100644
--- a/sta.c
+++ b/sta.c
@@ -322,6 +322,7 @@
char buf[128], fname[128];
size_t towrite, written;
FILE *f;
+ int res;
if (length > WIL_WMI_MAX_PAYLOAD) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -340,7 +341,9 @@
return -1;
}
- snprintf(fname, sizeof(fname), "%s/wmi_send", buf);
+ res = snprintf(fname, sizeof(fname), "%s/wmi_send", buf);
+ if (res < 0 || res >= sizeof(fname))
+ return -1;
f = fopen(fname, "wb");
if (!f) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -368,7 +371,7 @@
FILE *f;
regex_t re;
regmatch_t m[2];
- int rc, ret = -1;
+ int rc, ret = -1, res;
if (wil6210_get_debugfs_dir(dut, buf, sizeof(buf))) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -376,7 +379,9 @@
return -1;
}
- snprintf(fname, sizeof(fname), "%s/stations", buf);
+ res = snprintf(fname, sizeof(fname), "%s/stations", buf);
+ if (res < 0 || res >= sizeof(fname))
+ return -1;
f = fopen(fname, "r");
if (!f) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -593,7 +598,7 @@
{
char buf[128], fname[128];
FILE *f;
- int res = 0;
+ int res = 0, r;
size_t written;
if (wil6210_get_debugfs_dir(dut, buf, sizeof(buf))) {
@@ -601,7 +606,9 @@
"failed to get wil6210 debugfs dir");
return -1;
}
- snprintf(fname, sizeof(fname), "%s/tx_mgmt", buf);
+ r = snprintf(fname, sizeof(fname), "%s/tx_mgmt", buf);
+ if (r < 0 || r >= sizeof(fname))
+ return -1;
if (wil6210_remain_on_channel(dut, freq)) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -5190,7 +5197,8 @@
{
const char *val;
int ampdu = -1, addbareject = -1;
- char buf[30];
+ char buf[128];
+ int res;
val = get_param(cmd, "40_INTOLERANT");
if (val) {
@@ -5426,9 +5434,10 @@
sigma_dut_print(dut, DUT_MSG_ERROR,
"Failed to set RTS_FORCE 64");
}
- snprintf(buf, sizeof(buf),
- "wifitool %s beeliner_fw_test 100 1", intf);
- if (system(buf) != 0) {
+ res = snprintf(buf, sizeof(buf),
+ "wifitool %s beeliner_fw_test 100 1",
+ intf);
+ if (res < 0 || res >= sizeof(buf) || system(buf) != 0) {
sigma_dut_print(dut, DUT_MSG_ERROR,
"wifitool beeliner_fw_test 100 1 failed");
}
@@ -5745,6 +5754,7 @@
{
char buf[128], fname[128];
FILE *f;
+ int res;
if (wil6210_get_debugfs_dir(dut, buf, sizeof(buf))) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -5752,7 +5762,9 @@
return -1;
}
- snprintf(fname, sizeof(fname), "%s/abft_len", buf);
+ res = snprintf(fname, sizeof(fname), "%s/abft_len", buf);
+ if (res < 0 || res >= sizeof(fname))
+ return -1;
f = fopen(fname, "w");
if (!f) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -8693,7 +8705,7 @@
FILE *f;
regex_t re;
regmatch_t m[2];
- int rc, ret = -1, vring_id, found;
+ int rc, ret = -1, vring_id, found, res;
if (wil6210_get_debugfs_dir(dut, dir, sizeof(dir))) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -8701,12 +8713,16 @@
return -1;
}
- snprintf(buf, sizeof(buf), "%s/vrings", dir);
+ res = snprintf(buf, sizeof(buf), "%s/vrings", dir);
+ if (res < 0 || res >= sizeof(buf))
+ return -1;
f = fopen(buf, "r");
if (!f) {
sigma_dut_print(dut, DUT_MSG_ERROR, "failed to open: %s", buf);
/* newer wil6210 driver renamed file to "rings" */
- snprintf(buf, sizeof(buf), "%s/rings", dir);
+ res = snprintf(buf, sizeof(buf), "%s/rings", dir);
+ if (res < 0 || res >= sizeof(buf))
+ return -1;
f = fopen(buf, "r");
if (!f) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -8755,7 +8771,9 @@
/* send the addba command */
fclose(f);
- snprintf(buf, sizeof(buf), "%s/back", dir);
+ res = snprintf(buf, sizeof(buf), "%s/back", dir);
+ if (res < 0 || res >= sizeof(buf))
+ return -1;
f = fopen(buf, "w");
if (!f) {
sigma_dut_print(dut, DUT_MSG_ERROR,
@@ -11780,7 +11798,7 @@
const char *val = get_param(cmd, "Ignore_blacklist");
const char *band = get_param(cmd, "Band");
struct wpa_ctrl *ctrl;
- int res;
+ int res, r;
char bssid[20], ssid[40], resp[100], buf[100], blacklisted[100];
int tries = 0;
int ignore_blacklist = 0;
@@ -11847,9 +11865,9 @@
*end = '\0';
sigma_dut_print(dut, DUT_MSG_DEBUG, "Try to connect to a blacklisted network: %s",
blacklisted);
- snprintf(buf, sizeof(buf), "INTERWORKING_CONNECT %s",
- blacklisted);
- if (wpa_command(intf, buf)) {
+ r = snprintf(buf, sizeof(buf), "INTERWORKING_CONNECT %s",
+ blacklisted);
+ if (r < 0 || r >= sizeof(buf) || wpa_command(intf, buf)) {
send_resp(dut, conn, SIGMA_ERROR, "errorCode,Failed to start Interworking connection to blacklisted network");
wpa_ctrl_detach(ctrl);
wpa_ctrl_close(ctrl);