Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

Fixed a buffer overflow in nla_parse call

Browse Source 
The first argument (tb) to nla_parse must have room for maxtype+1, not
maxtype, elements.
This commit is contained in:
Jouni Malinen 2008-06-06 16:51:17 +03:00
parent f3833aee90
commit 3f3339dfe7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hostapd/driver_nl80211.c
View File

@ -273,7 +273,7 @@ static inline int min_int(int a, int b)
static int get_key_handler(struct nl_msg *msg, void *arg)
{
struct nlattr *tb[NL80211_ATTR_MAX];
struct nlattr *tb[NL80211_ATTR_MAX + 1];
struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),