Some simple bugs I found by inspection: - reglib_parse_country_dfs() always overflows the alpha2[] array by one byte as sscanf() will write a terminating null byte. - reglib_parse_country_dfs() can overflow the dfs_region_alpha[] array, given invalid input. If the input is always trusted then this may not matter. - reglib_deduce_band() can never return 60 (GHz) as the 5 GHz condition will have been matched already. - reg_rule_optimize_rd() has a bounds check on rule_idx but it's off-by-one. Ben. -- Ben Hutchings One of the nice things about standards is that there are so many of them.
Attachment:
signature.asc
Description: This is a digitally signed message part
