@@ -83,6 +83,7 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
struct ext_password_file_data *data = ctx;
struct wpabuf *password = NULL;
char buf[512], *pos;
+ size_t name_len;
int line = 0;
FILE *f;
@@ -94,6 +95,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
return NULL;
}
+ name_len = os_strlen(name);
+
wpa_printf(MSG_DEBUG, "EXT PW FILE: get(%s)", name);
while ((pos = fgets(buf, sizeof(buf), f))) {
@@ -121,7 +124,8 @@ static struct wpabuf * ext_password_file_get(void *ctx, const char *name)
}
- if (os_strncmp(name, pos, sep - pos) != 0)
+ if (name_len != (size_t) (sep - pos) ||
+ os_strncmp(name, pos, sep - pos) != 0)
continue;
password = wpabuf_alloc_copy(sep + 1, os_strlen(sep + 1));
When searching for a matching key in the external password file, strings were only compared up to the length of the key in the file. This meant searching for key "foo" could retrieve the incorrect password if keys "f" or "fo" were defined earlier in the file. Signed-off-by: Joshua Manchester <joshuamanchester4@gmail.com> --- src/utils/ext_password_file.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)