From 5d3a14a2c9f63b3762243af312cb62f1f6fd85b6 Mon Sep 17 00:00:00 2001
From: Sander Vanheule <sander@svanheule.net>
Date: Fri, 3 Feb 2023 23:03:20 +0100
Subject: [PATCH] tplink-safeloader: ignore NULLs in version info

When the soft-version partition contents are checked for a text-format
version string, isascii() is used to check the contained bytes. This
also returns true on control characters, which includes terminating
NULL characters.

After checking if the data is a string, use the actual string length for
printing the contained data to avoid outputting NULLs to stdout.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
---
 src/tplink-safeloader.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/tplink-safeloader.c b/src/tplink-safeloader.c
index 05b7ca1..51f6683 100644
--- a/src/tplink-safeloader.c
+++ b/src/tplink-safeloader.c
@@ -3928,18 +3928,16 @@ static int firmware_info(const char *input)
 		if (fread(buf, data_len, 1, fp) != 1)
 			error(1, errno, "Can not read fwup-ptn data from the firmware");
 
-		/* Check for string ignoring padding character */
-		isstr = true;
-		for (i = 0; i < data_len - 1; i++) {
-			if (!isascii(buf[i])) {
-				isstr = false;
-				break;
-			}
-		}
+		/* Check for (null-terminated) string */
+		ascii_len = 0;
+		while (ascii_len < data_len && isascii(buf[ascii_len]))
+			ascii_len++;
+
+		isstr = ascii_len == data_len;
 
 		printf("\n[Software version]\n");
 		if (isstr) {
-			fwrite(buf, data_len, 1, stdout);
+			fwrite(buf, strnlen(buf, data_len), 1, stdout);
 			putchar('\n');
 		} else if (data_len >= offsetof(struct soft_version, rev)) {
 			s = (struct soft_version *)buf;
-- 
2.30.2