projects
/
libeap.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
f3833ae
)
Fixed a buffer overflow in nla_parse call
author
Jouni Malinen
<j@w1.fi>
Fri, 6 Jun 2008 13:51:17 +0000
(16:51 +0300)
committer
Jouni Malinen
<j@w1.fi>
Fri, 6 Jun 2008 13:51:17 +0000
(16:51 +0300)
The first argument (tb) to nla_parse must have room for maxtype+1, not
maxtype, elements.
hostapd/driver_nl80211.c
patch
|
blob
|
history
diff --git
a/hostapd/driver_nl80211.c
b/hostapd/driver_nl80211.c
index
a1a5094
..
9aaab60
100644
(file)
--- a/
hostapd/driver_nl80211.c
+++ b/
hostapd/driver_nl80211.c
@@
-273,7
+273,7
@@
static inline int min_int(int a, int b)
static int get_key_handler(struct nl_msg *msg, void *arg)
{
- struct nlattr *tb[NL80211_ATTR_MAX];
+ struct nlattr *tb[NL80211_ATTR_MAX
+ 1
];
struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),