From 541a1ffed7f5dac65196f368546237e7238ada61 Mon Sep 17 00:00:00 2001
From: deadprogram
Date: Mon, 8 Jun 2026 10:52:12 +0200
Subject: [PATCH] fix(radio): check for negative credential lengths

Reject negative ssid_len and pwd_len in station and AP configurations to prevent integer/cast wrap-around that causes out-of-bounds memcpy. Orginally suggested by PR #48 thanks!

Signed-off-by: deadprogram
---
 radio.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/radio.c b/radio.c
index d6ac3c5..87a3976 100644
--- a/radio.c
+++ b/radio.c
@@ -399,6 +399,9 @@ esp_err_t espradio_set_country_eu_manual(void) {
 esp_err_t espradio_sta_set_config(const char *ssid, int ssid_len,
 const char *pwd, int pwd_len) {
+ if (ssid_len < 0 || pwd_len < 0) {
+ return ESP_ERR_INVALID_ARG;
+ }
 wifi_config_t cfg;
 memset(&cfg, 0, sizeof(cfg));
 if (ssid_len > 32) ssid_len = 32;
@@ -413,6 +416,9 @@ esp_err_t espradio_sta_set_config(const char *ssid, int ssid_len,
 esp_err_t espradio_ap_set_config(const char *ssid, int ssid_len, const char *pwd, int pwd_len, uint8_t channel, int auth_open) {
+ if (ssid_len < 0 || pwd_len < 0) {
+ return ESP_ERR_INVALID_ARG;
+ }
 wifi_config_t cfg;
 memset(&cfg, 0, sizeof(cfg));
 if (ssid_len > 32) ssid_len = 32;
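Review bot: An over-long `ssid_len` is still silently clamped right after the new guard in `espradio_sta_set_config` (`if (ssid_len > 32) ssid_len = 32;`), while a negative one now returns `ESP_ERR_INVALID_ARG`, so the two ends of the range are handled inconsistently and a caller passing a bad length can end up with a truncated network name and no error. Consider rejecting both in the same guard, e.g. `if (ssid_len < 0 || ssid_len > 32 || pwd_len < 0) return ESP_ERR_INVALID_ARG;`, ideally with the bounds taken from the destination field sizes rather than a literal. The identical guard added in `espradio_ap_set_config` has the same gap. Both function bodies continue outside the hunks, so any `pwd_len` bound and the `memcpy` calls the commit message mentions are not visible here; it is worth confirming there that a NULL `ssid` or `pwd` combined with a non-zero length cannot reach the copy.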