mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
Fixed a buffer overflow in nla_parse call
The first argument (tb) to nla_parse must have room for maxtype+1, not maxtype, elements.
This commit is contained in:
parent
f3833aee90
commit
3f3339dfe7
@ -273,7 +273,7 @@ static inline int min_int(int a, int b)
|
||||
|
||||
static int get_key_handler(struct nl_msg *msg, void *arg)
|
||||
{
|
||||
struct nlattr *tb[NL80211_ATTR_MAX];
|
||||
struct nlattr *tb[NL80211_ATTR_MAX + 1];
|
||||
struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
|
||||
|
||||
nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
|
||||
|
Loading…
Reference in New Issue
Block a user