legatoproject / legato-af

Legato Application Framework
Mozilla Public License 2.0
153 stars 118 forks source link

le_WifiClient_Create string length problems #39

Closed andcor closed 5 years ago

andcor commented 5 years ago

Hi

We have just identified a problem with the le_WifiClient_Create function when used as in the example: https://github.com/legatoproject/legato-WiFi/blob/master/apps/sample/wifiClientTest/wifiClientTestComponent/wifiClientTest.c

Here the ssid is given as a string and a length of that string without it's zero termination character.

In the implementation of le_wifiClient_Create, this ssid is simply memcpy'd by the length given as input into a newly allocated structure which have not been cleared beforehand. This results in the fact that the subsequent handling of the ssid can work on a combination of the newly given ssid and whatever were in the memory just allocated.

We have fixed this by adding 1 to the length of the ssid given to ensure that the zero termination character is also memcpy'ed.

In our product this bug gave the result that if you had set the system to use one ssid, say "AsusAccessPoint" and then changes this to a much smaller one, say "Foo", the ssid the framework would actually try to connect to were "FoosAccessPoint".

Hope this makes sense. I would have made a pull request for this, but since I think the correct solution for this problem is simply to not accept the string length as input and instead use strlen internally, this would be an API breaking change that you might not be interested in accepting.

Kind regards

Andreas

CoRfr commented 5 years ago

Hi @andcor ,

Thanks for reporting this issue.

We fixed it in https://github.com/legatoproject/legato-WiFi/commit/0ef47068d73be22a81abc8127798d878a21c5b68 following your report.