wpabuf overflow with WPS

Wang Linetkux chinawrj at gmail.com
Tue May 10 17:40:44 PDT 2016

Hi, Jouni
  Added now. It's the first time that I contribute to open-source
community in such way. I hope the format of patch is well.


2016-05-11 0:53 GMT+08:00 Jouni Malinen <j at w1.fi>:
> On Tue, May 10, 2016 at 06:52:23PM +0800, Wang Linetkux wrote:
>>    I have figured out what's going a few days a ago on OpenWrt DD.
>> This issue is caused by the uninitialized ptr of wpa buffer, which is
>> introduced by the following commit:
>> 2015-11-29 20:53 Jouni Malinen      o Fix memory leak on NFC DH
>> generation error path
>> Commit ID: 4104267e81b0a0acdb43f693a67f236b3237a719
>> In this patch, "wpabuf_free" is called in "dh5_init", which assumes
>> that ptr of wpa buffer is already set. But actually ptr of wpa buffer
>> may be still uninitialized.
>> I have generated the patch for these issue.
> Excellent, thank you. Could you please provide a Signed-off-by: line to
> be added to the end of the commit message as described in the top level
> CONTRIBUTIONS file? I need that for all hostap.git commits.
> --
> Jouni Malinen                                            PGP id EFC895FA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-un-set-pointer-which-cause-segment-fault.patch
Type: application/octet-stream
Size: 739 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160511/0f402bf2/attachment.obj>

More information about the Hostap mailing list