ead: message handling fixes

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13828 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/ead/src/ead-client.c b/package/ead/src/ead-client.c
index 111dc8a..14e04c4 100644 (file)
--- a/package/ead/src/ead-client.c
+++ b/package/ead/src/ead-client.c
@@ -143,7 +143,10 @@ static bool
 handle_pong(void)
 {
        struct ead_msg_pong *pong = EAD_DATA(msg, pong);
 handle_pong(void)
 {
        struct ead_msg_pong *pong = EAD_DATA(msg, pong);

-       int len = msg->len - sizeof(struct ead_msg_pong);
+       int len = ntohl(msg->len) - sizeof(struct ead_msg_pong);
+
+       if (len <= 0)
+               return false;

 
        pong->name[len] = 0;
        auth_type = ntohs(pong->auth_type);
 
        pong->name[len] = 0;
        auth_type = ntohs(pong->auth_type);

diff --git a/package/ead/src/ead.c b/package/ead/src/ead.c
index 7367c38..c4d3dd9 100644 (file)
--- a/package/ead/src/ead.c
+++ b/package/ead/src/ead.c
@@ -330,7 +330,7 @@ handle_ping(struct ead_packet *pkt, int len, int *nstate)
 
        msg->len = htonl(sizeof(struct ead_msg_pong) + slen);
        strncpy(pong->name, dev_name, slen);
 
        msg->len = htonl(sizeof(struct ead_msg_pong) + slen);
        strncpy(pong->name, dev_name, slen);

-       pong->name[len] = 0;
+       pong->name[slen] = 0;

        pong->auth_type = htons(EAD_AUTH_MD5);
 
        return true;
        pong->auth_type = htons(EAD_AUTH_MD5);
 
        return true;