wpabuf overflow with WPS
Jouni Malinen
j at w1.fi
Tue May 10 09:53:45 PDT 2016
On Tue, May 10, 2016 at 06:52:23PM +0800, Wang Linetkux wrote:
> I have figured out what's going a few days a ago on OpenWrt DD.
> This issue is caused by the uninitialized ptr of wpa buffer, which is
> introduced by the following commit:
>
> 2015-11-29 20:53 Jouni Malinen o Fix memory leak on NFC DH
> generation error path
> Commit ID: 4104267e81b0a0acdb43f693a67f236b3237a719
>
> In this patch, "wpabuf_free" is called in "dh5_init", which assumes
> that ptr of wpa buffer is already set. But actually ptr of wpa buffer
> may be still uninitialized.
>
> I have generated the patch for these issue.
Excellent, thank you. Could you please provide a Signed-off-by: line to
be added to the end of the commit message as described in the top level
CONTRIBUTIONS file? I need that for all hostap.git commits.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list