[RFC] hostapd: Fix pointer assignment for new iface alloc
Jouni Malinen
j
Thu May 16 09:45:30 PDT 2013
On Thu, May 16, 2013 at 08:14:08PM +0530, Mohammed Shafi Shajakhan wrote:
> interface count has to be increment, otherwise the previous interfaces
> per-interface data structure maintained inside 'hapd_interfaces'
> is over-written.
> diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
> @@ -1185,6 +1185,7 @@ hostapd_iface_alloc(struct hapd_interfaces *interfaces)
> if (iface == NULL)
> return NULL;
> interfaces->iface = iface;
> + interfaces->count++;
> hapd_iface = interfaces->iface[interfaces->count] =
> os_zalloc(sizeof(*hapd_iface));
Huh? That would make this interfaces->iface[interfaces->count]
assignment a buffer overflow. The previous code looks fine as-is.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list