On Monday, 3 June 2019 21:21:17 CEST John Crispin wrote:
> The ppet field inside ieee80211_he_capabilities is of size [0]. The code
> currently copies up to 12 additional bytes into the buffer, thus overwriting
> memory. Fix this by verifying the size properly and using the passed length
> value for allocation and the following memcpy() call.
>
> Signed-off-by: John Crispin <john@xxxxxxxxxxx>
> ---
>  src/ap/ieee802_11_he.c | 39 ++++++++++++++++++++++++++++++++++++---
>  1 file changed, 36 insertions(+), 3 deletions(-)

Ran into the same problem and tested it together with
https://patchwork.ozlabs.org/patch/1114908/ to get the HE mesh new peer
capability handling working.

Tested-by: Sven Eckelmann <seckelmann@xxxxxxxxx>

Kind regards,
	Sven
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
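The overflow pattern described in the quoted commit message, shown beside a bounded copy. This is an added example, not code from the patch or from hostapd: `struct he_capab`, its field sizes, `PPET_MAX`, `copy_unchecked()` and `copy_checked()` are hypothetical stand-ins, and only the zero-size trailing `ppet` field and the 12-byte figure come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PPET_MAX 12 /* "up to 12 additional bytes" in the commit message */

/* Simplified stand-in, NOT hostapd's struct: field sizes are constructed. */
struct he_capab {
	uint8_t mac_cap[6];
	uint8_t phy_cap[11];
	uint8_t ppet[]; /* zero-size trailing field: sizeof() excludes it */
};

/* Before (flawed pattern): buffer sized by sizeof(), copy sized by len.
 * Any len above sizeof(*c) writes past the end of the heap allocation. */
struct he_capab *copy_unchecked(const uint8_t *ie, size_t len)
{
	struct he_capab *c = malloc(sizeof(*c));

	if (c)
		memcpy(c, ie, len);
	return c;
}

/* After: bound len on both sides, then allocate and copy exactly len. */
struct he_capab *copy_checked(const uint8_t *ie, size_t len)
{
	struct he_capab *c;

	if (!ie || len < sizeof(*c) || len > sizeof(*c) + PPET_MAX)
		return NULL;
	c = malloc(len);
	if (c)
		memcpy(c, ie, len);
	return c;
}

int main(void)
{
	uint8_t ie[sizeof(struct he_capab) + PPET_MAX + 1] = { 0 }; /* constructed */
	struct he_capab *ok = copy_checked(ie, sizeof(ie) - 1);
	struct he_capab *bad = copy_checked(ie, sizeof(ie));

	printf("max-size element: %s, oversized: %s\n",
	       ok ? "copied" : "rejected", bad ? "copied" : "rejected");
	free(ok);
	free(bad);
	return 0;
}
```

Building with `-fsanitize=address` and calling `copy_unchecked()` with a length above `sizeof(struct he_capab)` reports the heap write that the bounded version rejects.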