From a59a9bf3a9ae86ea8b6a0c2af93de2d3d526fdbc Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Fri, 2 Jan 2009 23:51:57 +0000
Subject: ead: message handling fixes

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13828 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/ead/src/ead-client.c | 5 ++++-
 package/ead/src/ead.c        | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'package/ead/src')

diff --git a/package/ead/src/ead-client.c b/package/ead/src/ead-client.c
index 111dc8ac63..14e04c40ba 100644
--- a/package/ead/src/ead-client.c
+++ b/package/ead/src/ead-client.c
@@ -143,7 +143,10 @@ static bool
 handle_pong(void)
 {
 	struct ead_msg_pong *pong = EAD_DATA(msg, pong);
-	int len = msg->len - sizeof(struct ead_msg_pong);
+	int len = ntohl(msg->len) - sizeof(struct ead_msg_pong);
+
+	if (len <= 0)
+		return false;
 
 	pong->name[len] = 0;
 	auth_type = ntohs(pong->auth_type);
diff --git a/package/ead/src/ead.c b/package/ead/src/ead.c
index 7367c38658..c4d3dd9f41 100644
--- a/package/ead/src/ead.c
+++ b/package/ead/src/ead.c
@@ -330,7 +330,7 @@ handle_ping(struct ead_packet *pkt, int len, int *nstate)
 
 	msg->len = htonl(sizeof(struct ead_msg_pong) + slen);
 	strncpy(pong->name, dev_name, slen);
-	pong->name[len] = 0;
+	pong->name[slen] = 0;
 	pong->auth_type = htons(EAD_AUTH_MD5);
 
 	return true;
-- 
cgit v1.2.3