Off-by-one error in drivers?
j.witteveen at gmail.com
Sun Nov 2 17:08:34 EST 2008
If I am right, the following wpa_supplicant drivers contain an OBOE
They all have an ifname C string of IFNAMSIZ + 1 bytes so as to fit an
interface name of IFNAMSIZ characters. They then go on to use
os_strlcpy to copy at most IFNAMSIZ characters from the ifname to some
other variable. Not only does it look like the null character is not
accounted for, it also seems to neglect that strlcpy _will_ write the
terminating character. Because of this last caveat, an interface name of
IFNAMSIZ characters gets truncated (the last character is turned into
Can anyone comment on this?
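
The copy pattern described in the message, as an added example that is not part of the original post or of the wpa_supplicant source. demo_strlcpy is a stand-in written here with BSD strlcpy semantics, and IFNAMSIZ = 16, copy_ifname and the sample name are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16 /* assumed value for this demo */

/* Stand-in with BSD strlcpy semantics: copies at most siz-1 bytes,
 * always NUL-terminates when siz > 0, returns strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t siz)
{
    size_t len = strlen(src);
    if (siz > 0) {
        size_t n = len < siz - 1 ? len : siz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

struct copy_result {
    size_t stored_len; /* characters that ended up in the destination */
    int truncated;     /* 1 if the return value reported truncation */
};

/* Hypothetical helper: copy name into an IFNAMSIZ + 1 byte buffer,
 * passing siz as the size argument, and report what was stored. */
static struct copy_result copy_ifname(const char *name, size_t siz)
{
    char dst[IFNAMSIZ + 1];
    struct copy_result r;
    size_t ret;

    if (siz > sizeof(dst)) /* never let the size exceed the buffer */
        siz = sizeof(dst);
    ret = demo_strlcpy(dst, name, siz);
    r.stored_len = strlen(dst);
    r.truncated = ret >= siz; /* strlcpy convention for detecting truncation */
    return r;
}

int main(void)
{
    const char *name = "abcdefghijklmnop"; /* constructed: IFNAMSIZ characters */
    struct copy_result a = copy_ifname(name, IFNAMSIZ);     /* size as in the post */
    struct copy_result b = copy_ifname(name, IFNAMSIZ + 1); /* full buffer size */

    printf("size IFNAMSIZ:     stored %zu, truncated %d\n", a.stored_len, a.truncated);
    printf("size IFNAMSIZ + 1: stored %zu, truncated %d\n", b.stored_len, b.truncated);
    return 0;
}
```

The copy never writes past the destination in either case; the difference is only whether the last character survives, and comparing the return value against the size argument is how a caller can detect that it did not.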