[PATCH] Fixed the array out of bound for pref_freq_list in wpas_p2p_setup_freqs() function

Jouni Malinen j at w1.fi
Sun Dec 11 15:05:01 PST 2016

On Fri, Dec 09, 2016 at 06:55:59PM +0530, Amit Purwar wrote:
> diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
> @@ -5239,11 +5239,10 @@ static int wpas_p2p_setup_freqs(struct wpa_supplicant *wpa_s, int freq,
> -			while ((!p2p_supported_freq(wpa_s->global->p2p,
> +			while (i < *num_pref_freq && (!p2p_supported_freq(wpa_s->global->p2p,
>  						    pref_freq_list[i]) ||

Thanks, applied. It looks like this cannot be reached in practice due to
the array being large enough (P2P_MAX_PREF_CHANNELS = 100) for there to
be any driver that would advertise enough preferred channels to reach
the end of the array. I updated the commit message to say so to make it
easier to understand impact of this.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list