[bugreport] le_WifiClient_Create string length problems


#1

Hi

We have just identified a problem with the le_WifiClient_Create function when used as in the example:

Here the ssid is given as a string and a length of that string without its zero termination character.

In the implementation of le_wifiClient_Create, this ssid is simply memcpy’d by the length given as input into a newly allocated structure which has not been cleared beforehand. This results in the fact that the subsequent handling of the ssid can work on a combination of the newly given ssid and whatever was in the memory just allocated.

We have fixed this by adding 1 to the length of the ssid given to ensure that the zero termination character is also memcpy’ed.

In our product this bug gave the result that if you had set the system to use one ssid, say “AsusAccessPoint”, and then changed this to a much smaller one, say “Foo”, the ssid the framework would actually try to connect to was “FoosAccessPoint”.

Hope this makes sense. I would have made a pull request for this, but since I think the correct solution for this problem is simply to not accept the string length as input and instead use strlen internally, this would be an API breaking change that you might not be interested in accepting.

Kind regards

Andreas
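The stale-bytes behaviour described in the post above, reproduced as an added example that is not part of the thread or of the Legato source. The type `ap_t`, the one-slot pool and the functions `ap_create_unsafe`, `ap_create_safe` and `ssid_reads_as` are hypothetical stand-ins, and the hardened variant clears the object and bounds the length rather than relying on the caller's terminator.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SSID_BYTES 32  /* SSID length limit in IEEE 802.11 */

/* Hypothetical stand-in for the framework's access point object. */
typedef struct { char ssid[MAX_SSID_BYTES + 1]; size_t ssid_len; } ap_t;

/* One-slot pool: like a pool allocator, it returns recycled memory uncleared. */
static ap_t pool_slot;
static ap_t *pool_alloc(void) { return &pool_slot; }

/* Pattern from the post: copy exactly len bytes, no terminator, no clearing. */
static ap_t *ap_create_unsafe(const char *ssid, size_t len) {
    ap_t *ap = pool_alloc();
    memcpy(ap->ssid, ssid, len);   /* old bytes past len stay in place */
    ap->ssid_len = len;
    return ap;
}

/* Hardened: bound the length and zero the object first, so the terminator
 * depends neither on previous contents nor on the caller's buffer. */
static ap_t *ap_create_safe(const char *ssid, size_t len) {
    if (ssid == NULL || len == 0 || len > MAX_SSID_BYTES)
        return NULL;
    ap_t *ap = pool_alloc();
    memset(ap, 0, sizeof *ap);
    memcpy(ap->ssid, ssid, len);
    ap->ssid_len = len;
    return ap;
}

/* 1 if the stored SSID equals `expect` when later code treats it as a C string. */
static int ssid_reads_as(const ap_t *ap, const char *expect) {
    return ap != NULL && strcmp(ap->ssid, expect) == 0;
}

int main(void) {
    ap_create_safe("AsusAccessPoint", 15);      /* previous setting (constructed) */
    ap_t *ap = ap_create_unsafe("Foo", 3);
    printf("unsafe: %s\n", ap->ssid);
    ap_create_safe("AsusAccessPoint", 15);
    ap = ap_create_safe("Foo", 3);
    printf("safe:   %s\n", ap->ssid);
    return ssid_reads_as(ap, "Foo") ? 0 : 1;
}
```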


#2

Is this the correct place to make such a bug report, or should I do it at GitHub?


#3

Thanks for finding this bug!

At the moment GitHub ( https://github.com/legatoproject/legato-af/issues ) is the preferred place.


#4

Made an issue report here: