[RFC] hostapd: Fix pointer assignment for new iface alloc

Mohammed Shafi Shajakhan mohammed at qca.qualcomm.com
Fri May 17 01:15:09 EDT 2013


On Thu, May 16, 2013 at 07:45:30PM +0300, Jouni Malinen wrote:
> On Thu, May 16, 2013 at 08:14:08PM +0530, Mohammed Shafi Shajakhan wrote:
> > interface count has to be incremented, otherwise the previous interface's
> > per-interface data structure maintained inside 'hapd_interfaces'
> > is overwritten.
> 
> > diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
> > @@ -1185,6 +1185,7 @@ hostapd_iface_alloc(struct hapd_interfaces *interfaces)
> >  	if (iface == NULL)
> >  		return NULL;
> >  	interfaces->iface = iface;
> > +	interfaces->count++;
> >  	hapd_iface = interfaces->iface[interfaces->count] =
> >  		os_zalloc(sizeof(*hapd_iface));
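
Review bot: The added `interfaces->count++` sits before `interfaces->iface[interfaces->count]` is used as the index, so the new entry is stored one slot later than the unchanged code would store it, and the slot at the old count is left unset. If the array was resized to hold only one more entry than the old count (the resize is not visible in this hunk), that store lands past the end of the array. The increment also runs before the `os_zalloc()` result can be checked, so a failed allocation would leave `count` covering a NULL entry. If the count has to change in this function at all, do it after the allocation has succeeded and the pointer has been stored at the old index.
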
> 
> Huh? That would make this interfaces->iface[interfaces->count]
> assignment a buffer overflow. The previous code looks fine as-is.

sorry, misread the code. thanks for the review.

shafi

> 
> -- 
> Jouni Malinen                                            PGP id EFC895FA