[PATCH] Fix out of bounds memory access when removing vendor elements.
j at w1.fi
Mon Oct 6 18:36:18 EDT 2014
On Mon, Oct 06, 2014 at 12:24:33PM +0100, Toby Gray wrote:
> Commit 86bd36f0d5b3d359075c356d68977b4d2e7c9f71 ("Add generic
> mechanism for adding vendor elements into frames") has a minor bug
> where it miscalculates the length of memory to move using
> os_memmove. If multiple vendor elements are specified then this can
> lead to out of bounds memory accesses.
> This patch fixes this by calculating the correct length of remaining
> data to shift down in the information element.
Thanks, applied. I also extended the hwsim test script to check for
this. Previously, it was only deleting the first IE and the issue was
Jouni Malinen PGP id EFC895FA
More information about the HostAP