[PATCH] Use priority list instead of global for PNO
Dmitry Shmidt
dimitrysh
Thu Feb 12 10:27:33 PST 2015
On Thu, Feb 12, 2015 at 5:29 AM, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Feb 10, 2015 at 10:32:23AM -0800, Dmitry Shmidt wrote:
>> diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
>> @@ -2009,9 +2009,11 @@ int wpas_start_pno(struct wpa_supplicant *wpa_s)
>> sizeof(struct wpa_driver_scan_filter));
>> i = 0;
>> - ssid = wpa_s->conf->ssid;
>> - while (ssid) {
>> + prio = 0;
>> + ssid = wpa_s->conf->pssid[prio];
>> + while (ssid && (prio < wpa_s->conf->num_prio)) {
>
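Review bot: the initial `ssid = wpa_s->conf->pssid[prio];` indexes pssid[0] before anything compares prio with num_prio; the `prio < wpa_s->conf->num_prio` test in the while condition only runs after that read. If num_prio can be 0 here, guard the first read on it, or restructure as an outer `for (prio = 0; prio < wpa_s->conf->num_prio; prio++)` with an inner walk over pnext so the bound is always tested before the index is used. As written, the single loop also stops at the first NULL entry in pssid[], which would skip any later priority lists.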
>> @@ -2028,7 +2030,10 @@ int wpas_start_pno(struct wpa_supplicant *wpa_s)
>> - ssid = ssid->next;
>> + if (ssid->pnext)
>> + ssid = ssid->pnext;
>> + else
>> + ssid = wpa_s->conf->pssid[++prio];
>
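Review bot: in the else branch, `ssid = wpa_s->conf->pssid[++prio];` increments prio and loads the array slot before the loop condition gets to test prio, so once the last priority list is exhausted it reads pssid[num_prio], one element past the end. The loaded pointer is never used, but the load itself is out of bounds; test `prio + 1 < wpa_s->conf->num_prio` before indexing and leave the loop otherwise.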
> It looks like other cases of iterating through ssid->pnext pointers are
> using a separate for loop to go through all the prio values (e.g., see
> wpa_supplicant_pick_new_network()). Those would allow the
> wpa_s->conf->pssid[] array to have a NULL pointer in it. This does not
> seem to happen currently, so this is not of that much concern on its own
> and the single loop here could be made to work. However, it looks like
> the final loop through this would read beyond the end of the pssid[]
> array. The while condition would stop that ssid pointer from being used,
> but if I understood the implementation here correctly, that
> pssid[++prio] would need to be protected with something like
>
> 	if (ssid->pnext)
> 		ssid = ssid->pnext;
> 	else if (prio + 1 == wpa_s->conf->num_prio)
> 		break;
> 	else
> 		ssid = wpa_s->conf->pssid[++prio];
>
> to avoid potential issues (and analyzer warnings) on reading one pointer
> beyond the allocation of the pssid[] array.
Thank you for catching this. New patch is attached.
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-priority-list-instead-of-global-for-PNO.patch
Type: application/octet-stream
Size: 1582 bytes
Desc: not available
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150212/b4860ca9/attachment.obj>