How to test CVE-2015-1863 on android

Jouni Malinen j
Sun May 3 11:11:46 PDT 2015

On Tue, Apr 28, 2015 at 09:29:21AM +0800, ??? wrote:
> P2P: Validate SSID element length before copying
> How to test such issue on android?

What exactly do you want to test? Whether this issue is present in a
specific device for which you do not have source code for to verify
whether it was fixed? If so, it's probably easiest to open the Wi-Fi
Direct window to start device discovery and use a test tool (e.g.,
another device with modified wpa_supplicant in P2P listen state) to
reply with a 255-octet long SSID element. If the issue is present in the
Android device, the segmentation fault for the wpa_supplicant process
should be visible in the logcat output.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list