Crash while hs20=1 in wpa_supplicant.conf
Shyam
shyamms2003
Tue Feb 5 06:10:39 PST 2013
Hi,
I noticed a crash when I enabled hs20=1 in conf file of the
supplicant. The crash referred to the bad address being accessed.
I took a look at the scan.c file, the buffer resize happens for 6
whereas the function wpas_hs20_add_indication adds 7 bytes of
information.
if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 6) == 0)
wpas_hs20_add_indication(extra_ie);
The fix should be to increase the resize value to 7 instead of 6,
which fixed the crash.
Thanks,
Shyam
More information about the Hostap
mailing list