[PATCH v2 03/12] P2PS: Add channel policy to PD Request
Jouni Malinen
Sun Oct 11 11:41:20 PDT 2015
On Thu, Oct 08, 2015 at 12:35:58PM +0300, Ilan Peer wrote:
> diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
> @@ -646,6 +637,19 @@ static u8 p2ps_group_capability(void *ctx, u8 incoming, u8 role)
> + if (force_freq && pref_freq) {
> + unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
> + *force_freq = 0;
> + *pref_freq = 0;
> +
> + if (!wpas_p2p_setup_freqs(wpa_s, 0, force_freq, pref_freq, 0,
> + pref_freq_list, &size))
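Review bot: 'size' gets no initial value in the combined declaration "unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;", yet its address is passed to wpas_p2p_setup_freqs() right next to the array, while *force_freq and *pref_freq are both zeroed just above. If the callee reads the count on entry as the capacity of pref_freq_list, it sees an indeterminate value. Declare 'size' on its own line, set it to P2P_MAX_PREF_CHANNELS before the call, and add a one-line comment that it is the array capacity on entry.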
This could result in buffer write overflow due to uninitialized 'size'
variable. It needs to be set to the maximum number of entries in
pref_freq_list before this call. I'll fix this with "size =
P2P_MAX_PREF_CHANNELS;" before the call.
--
Jouni Malinen PGP id EFC895FA
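
The in/out count contract behind the reply above, as an added C example that is not code from the patch or from wpa_supplicant. get_pref_freqs(), its candidate list and MAX_PREF_CHANNELS are hypothetical stand-ins, and 1000 stands in for whatever an uninitialized stack slot might hold.

```c
#include <stdio.h>

#define MAX_PREF_CHANNELS 4 /* stand-in for P2P_MAX_PREF_CHANNELS (constructed) */

/* Hypothetical callee: *num is in/out. On entry it is the capacity of
 * list[]; on return it is the number of entries actually written. */
static int get_pref_freqs(unsigned int *list, unsigned int *num)
{
	/* Constructed sample: more candidates than the caller's array holds */
	static const unsigned int candidates[] = {
		2412, 2437, 2462, 5180, 5220, 5745
	};
	unsigned int avail = sizeof(candidates) / sizeof(candidates[0]);
	unsigned int i, n;

	if (!list || !num)
		return -1;
	n = *num < avail ? *num : avail; /* trusts the caller's capacity */
	for (i = 0; i < n; i++)
		list[i] = candidates[i];
	*num = n;
	return 0;
}

/* Entries the callee writes for a given *num on entry. The scratch array
 * holds every candidate, so the demonstration itself stays in bounds. */
static unsigned int entries_written(unsigned int size_on_entry)
{
	unsigned int scratch[16];
	unsigned int size = size_on_entry;

	if (get_pref_freqs(scratch, &size) < 0)
		return 0;
	return size;
}

int main(void)
{
	/* Capacity set before the call, as in the fix: writes are bounded */
	printf("size = MAX_PREF_CHANNELS -> %u entries\n",
	       entries_written(MAX_PREF_CHANNELS));
	/* Garbage capacity: more entries than a 4-slot array could hold */
	printf("size = 1000 (garbage)    -> %u entries\n",
	       entries_written(1000));
	return 0;
}
```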