All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ap: fix off by one error
@ 2021-01-29 20:59 James Prestwood
  2021-01-29 21:04 ` Denis Kenzior
  0 siblings, 1 reply; 2+ messages in thread
From: James Prestwood @ 2021-01-29 20:59 UTC (permalink / raw)
  To: iwd

[-- Attachment #1: Type: text/plain, Size: 647 bytes --]

The RSN element was not being allocated properly which caused
an invalid read in some cases.
---
 src/ap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ap.c b/src/ap.c
index e695a67e..ce639907 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -2212,7 +2212,7 @@ static bool ap_parse_new_station_ies(const void *data, uint16_t len,
 				goto parse_error;
 
 			rsn = l_memdup(ie_tlv_iter_get_data(&iter) - 2,
-					ie_tlv_iter_get_length(&iter) + 1);
+					ie_tlv_iter_get_length(&iter) + 2);
 			break;
 		case IE_TYPE_EXTENDED_SUPPORTED_RATES:
 			if (ap_parse_supported_rates(&iter, &rates) < 0)
-- 
2.26.2

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-01-29 21:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-01-29 20:59 [PATCH] ap: fix off by one error James Prestwood
2021-01-29 21:04 ` Denis Kenzior

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.