[PATCH v2 03/12] P2PS: Add channel policy to PD Request
Peer, Ilan
ilan.peer
Mon Oct 12 06:11:27 PDT 2015
Hi Jouni,
> -----Original Message-----
> From: Jouni Malinen [mailto:j at w1.fi]
> Sent: Sunday, October 11, 2015 21:41
> To: Peer, Ilan
> Cc: hostap at lists.shmoo.com
> Subject: Re: [PATCH v2 03/12] P2PS: Add channel policy to PD Request
>
> On Thu, Oct 08, 2015 at 12:35:58PM +0300, Ilan Peer wrote:
>
> > diff --git a/wpa_supplicant/p2p_supplicant.c
> > b/wpa_supplicant/p2p_supplicant.c @@ -646,6 +637,19 @@ static u8
> > p2ps_group_capability(void *ctx, u8 incoming, u8 role)
>
> > + if (force_freq && pref_freq) {
> > + unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;
> > + *force_freq = 0;
> > + *pref_freq = 0;
> > +
> > + if (!wpas_p2p_setup_freqs(wpa_s, 0, force_freq, pref_freq,
> 0,
> > + pref_freq_list, &size))
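Review bot: `size` is declared without an initializer in `unsigned int pref_freq_list[P2P_MAX_PREF_CHANNELS], size;` and its address is then passed to wpas_p2p_setup_freqs() alongside the array. If the callee reads `*size` as the capacity of the list before filling it, an indeterminate value can let it write past the end of the stack array `pref_freq_list`. Set `size = P2P_MAX_PREF_CHANNELS;` immediately before the call, so the count passed in always matches the array declaration.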
>
> This could result in buffer write overflow due to uninitialized 'size'
> variable. It needs to be set to the maximum number of entries in
> pref_freq_list before this call. I'll fix this with "size =
> P2P_MAX_PREF_CHANNELS;" before the call.
>
Hmm .. I might be missing something, but you eventually did not have this change. Is it intentional?
Thanks,
Ilan.