[PATCH] wpa_supplicant: Add bss_flush command to invalidate scan results

Jouni Malinen j at w1.fi
Sat Aug 25 07:08:48 EDT 2012

On Sat, Aug 25, 2012 at 09:36:35AM +0200, Vitaly Wool wrote:
> On Fri, Aug 24, 2012 at 8:14 PM, Dmitry Shmidt <dimitrysh at google.com> wrote:
> > +       int flush_age = atoi(cmd);
> >
> This is unsafe, e. g. if cmd is "foo", atoi will return -1. Do you really
> want to call flush_by_age with age -1 in this case?

Which atoi() implementation returns -1 if the string does not include
any digits? While error conditions in atoi() are undefined by C
standard, this looks like a case where atoi() could be considered to
match strtol(nptr, (char **) NULL, 10) and strtol() is defined to return
0 if conversion could not be done. All atoi() implementations I've
tested seem to return 0 in this type of case.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list