wifi/esp32: Fix overflow in SSID copy

In the previous code, strnlen could have returned WIFI_SSID_MAX_LEN, and
the following statement ensuring NUL termination would have written one past
the end of the array.

Replace this with code that ensures a NUL termination within the bounds
of the array and then use strlen to compute the length.

Signed-off-by: Keith Packard <[email protected]>

Author: keith-packard

drivers/wifi/esp32/src/esp_wifi_drv.c

@@ -770,8 +770,10 @@ static int esp32_wifi_status(const struct device *dev, struct wifi_iface_status
 	}
 
 	strncpy(status->ssid, data->status.ssid, WIFI_SSID_MAX_LEN);
-	status->ssid_len = strnlen(data->status.ssid, WIFI_SSID_MAX_LEN);
-	status->ssid[status->ssid_len] = '\0';
+	/* Ensure the result is NUL terminated */
+	status->ssid[WIFI_SSID_MAX_LEN-1] = '\0';
+	/* We know it is NUL terminated, so we can use strlen */
+	status->ssid_len = strlen(data->status.ssid);
 	status->band = WIFI_FREQ_BAND_2_4_GHZ;
 	status->link_mode = WIFI_LINK_MODE_UNKNOWN;
 	status->mfp = WIFI_MFP_DISABLE;