[PATCH] HE: fix he_capabilities size

Sven Eckelmann sven at narfation.org
Thu Jun 13 01:08:38 PDT 2019


On Monday, 3 June 2019 21:21:17 CEST John Crispin wrote:
> The ppet field inside ieee80211_he_capabilities is of size [0]. The code
> currently copies up to 12 additional bytes into the buffer, thus overwriting
> memory. Fix this by verifying the size properly and using the passed length
> value for allocation and the following memcpy() call.
> 
> Signed-off-by: John Crispin <john at phrozen.org>
> ---
>  src/ap/ieee802_11_he.c | 39 ++++++++++++++++++++++++++++++++++++---
>  1 file changed, 36 insertions(+), 3 deletions(-)

Ran into the same problem and tested it together with
https://patchwork.ozlabs.org/patch/1114908/ to get the HE mesh new peer 
capability handling working.

Tested-by: Sven Eckelmann <seckelmann at datto.com>

Kind regards,
	Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20190613/9c6db1b8/attachment-0001.sig>


More information about the Hostap mailing list