jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fixed a buffer overflow in nla_parse call

Browse source 
The first argument (tb) to nla_parse must have room for maxtype+1, not
maxtype, elements.
This commit is contained in:
Jouni Malinen 2008-06-06 16:51:17 +03:00
parent f3833aee90
commit 3f3339dfe7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hostapd/driver_nl80211.c
View file

@ -273,7 +273,7 @@ static inline int min_int(int a, int b)
static int get_key_handler(struct nl_msg *msg, void *arg)
{
struct nlattr *tb[NL80211_ATTR_MAX];
struct nlattr *tb[NL80211_ATTR_MAX + 1];
struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),