Hi,

Just looked at some MLME stuff and noticed that apparently the mesh-config IE is never checked for having a correct length, so if it is less than 17 bytes long we could even overrun the SKB when memcpy'ing the data into bss->mesh_cfg.

Maybe a (packed) structure should be used for the bss->mesh_cfg member so access to it is easier?

Could you take a look and fix this if necessary?

johannes
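A sketch of the length check the message asks for, as an added example that is not part of the original message and not the mac80211 code. The element ID value, `struct bss_info`, `parse_mesh_cfg` and the sample buffers are assumptions made for illustration; only the 17-byte size comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EID_MESH_CONFIG 0x33  /* placeholder element ID, constructed for this example */
#define MESH_CFG_LEN    17    /* bytes copied into bss->mesh_cfg, per the message */

struct bss_info {             /* hypothetical stand-in for the bss entry */
    uint8_t mesh_cfg[MESH_CFG_LEN];
    int     has_mesh_cfg;
};

/* Constructed samples: well-formed, too-short element, element cut off by the buffer end. */
const uint8_t sample_ok[] = { 0x00, 1, 'm', EID_MESH_CONFIG, 17,
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17 };
const uint8_t sample_short[] = { EID_MESH_CONFIG, 4, 1, 2, 3, 4 };
const uint8_t sample_trunc[] = { EID_MESH_CONFIG, 17, 1, 2 };

/* Walk the id/length/value elements in buf[0..len). Returns 0 on success,
 * -1 if an element runs past the buffer, -2 if the mesh config length is wrong. */
int parse_mesh_cfg(const uint8_t *buf, size_t len, struct bss_info *bss)
{
    size_t pos = 0;

    bss->has_mesh_cfg = 0;
    while (pos < len) {
        if (len - pos < 2)
            return -1;                 /* truncated id/length header */
        uint8_t id = buf[pos], elen = buf[pos + 1];
        pos += 2;
        if (elen > len - pos)
            return -1;                 /* payload claims more than remains */
        if (id == EID_MESH_CONFIG) {
            if (elen != MESH_CFG_LEN)
                return -2;             /* never copy 17 bytes from a shorter element */
            memcpy(bss->mesh_cfg, buf + pos, MESH_CFG_LEN);
            bss->has_mesh_cfg = 1;
        }
        pos += elen;
    }
    return 0;
}

int main(void)
{
    struct bss_info bss;
    return parse_mesh_cfg(sample_ok, sizeof(sample_ok), &bss) == 0 &&
           parse_mesh_cfg(sample_short, sizeof(sample_short), &bss) == -2 ? 0 : 1;
}
```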