[PATCH] wpa_supplicant: Add bss_flush command to invalidate scan results
Jouni Malinen
j
Sat Aug 25 04:08:48 PDT 2012
On Sat, Aug 25, 2012 at 09:36:35AM +0200, Vitaly Wool wrote:
> On Fri, Aug 24, 2012 at 8:14 PM, Dmitry Shmidt <dimitrysh at google.com> wrote:
> > + int flush_age = atoi(cmd);
> >
>
> This is unsafe, e. g. if cmd is "foo", atoi will return -1. Do you really
> want to call flush_by_age with age -1 in this case?
Which atoi() implementation returns -1 if the string does not include
any digits? While error conditions in atoi() are undefined by C
standard, this looks like a case where atoi() could be considered to
match strtol(nptr, (char **) NULL, 10) and strtol() is defined to return
0 if conversion could not be done. All atoi() implementations I've
tested seem to return 0 in this type of case.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list