[PATCH 15/15] wpa_supplicant: Add support for Beacon Report Radio Measurement

Jouni Malinen j at w1.fi
Tue Jan 3 10:12:17 PST 2017


Thanks, I applied the patches with cleanup and a number of fixes. There
seemed to be some rebasing(?) related issues that resulted in
introducing a fatal flaw (double free) in the middle of the series; I fixed
that by moving the fix to that issue to the patch that introduced the
problem. Restructuring RRM processing was also breaking LCI report
generation. It would be good to make sure there is sufficient hwsim
test case coverage to avoid that.

This 15/15 seemed to introduce a number of security vulnerabilities by not
checking subelement length fields properly and not checking the bitfield
pointer (eids). Those could result in remotely triggered DoS, so it
would be good to be more careful in validating all received input. In
addition, there seemed to be some smaller issues in how parameters are
interpreted, e.g., for determining VHT channel bandwidth.

I fixed all the issues that I found while working on proper hwsim test
coverage for RRM. This and the cleanup mentioned above resulted in quite
a few changes, so it would be good if you can review the committed
versions of the patches that I pushed into the repository.

-- 
Jouni Malinen                                            PGP id EFC895FA
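
Added example (not part of the original message and not wpa_supplicant code): a bounds-checked walk over ID/length/value subelements, showing the two kinds of check the message names, validating each subelement length against the remaining buffer and confirming the eids bitfield exists before it is read. The struct layout, function names and subelement ID constants are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names and values, chosen for this example only. */
#define SUBELEM_DETAIL  2   /* one-octet reporting detail */
#define SUBELEM_REQUEST 10  /* list of element IDs to include in the report */

struct beacon_req {
    uint8_t detail;
    uint8_t eids[32];   /* bitfield, one bit per element ID 0..255 */
    int have_eids;      /* set only when a Request subelement was parsed */
};

/* Returns 0 on success, -1 if any subelement is malformed or truncated. */
int parse_subelems(const uint8_t *buf, size_t len, struct beacon_req *out)
{
    const uint8_t *pos = buf, *end = buf + len;

    memset(out, 0, sizeof(*out));
    while (end - pos >= 2) {
        uint8_t id = pos[0], slen = pos[1];

        pos += 2;
        if ((size_t)(end - pos) < slen)
            return -1;              /* claimed length runs past the frame */
        switch (id) {
        case SUBELEM_DETAIL:
            if (slen != 1)
                return -1;          /* fixed-size field: reject other sizes */
            out->detail = pos[0];
            break;
        case SUBELEM_REQUEST:
            if (slen == 0)
                return -1;          /* empty list carries no element IDs */
            for (size_t i = 0; i < slen; i++)
                out->eids[pos[i] / 8] |= (uint8_t)(1u << (pos[i] % 8));
            out->have_eids = 1;
            break;
        default:
            break;                  /* unknown subelement: skip its payload */
        }
        pos += slen;
    }
    return pos == end ? 0 : -1;     /* one stray octet is a truncated header */
}

/* Never read the bitfield unless a Request subelement actually supplied it. */
int eid_requested(const struct beacon_req *r, uint8_t eid)
{
    return r && r->have_eids && (r->eids[eid / 8] & (1u << (eid % 8))) != 0;
}
```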


