Patchwork wpa_supplicant: Fix invalid memcpy.

Submitter Ben Greear
Date May 9, 2012, 5:54 p.m.
Message ID <1336586041-17444-1-git-send-email-greearb@candelatech.com>
Permalink /patch/158020/
State Accepted
Commit 157cdad59fafe56ab41a67fb13ac61e248025fdd

Comments

Ben Greear - May 9, 2012, 5:54 p.m.
From: Ben Greear <greearb@candelatech.com>

I think this should fix the following valgrind complaint:

==1972== Source and destination overlap in memcpy(0x5181708, 0x5181708, 16)
==1972==    at 0x4A073BA: memcpy (mc_replace_strmem.c:602)
==1972==    by 0x45872B: wpas_wps_set_uuid (wps_supplicant.c:1116)
==1972==    by 0x4599EC: wpas_wps_update_config (wps_supplicant.c:1747)
==1972==    by 0x4C8DB0: wpa_supplicant_update_config (wpa_supplicant.c:3090)
==1972==    by 0x4C3E5E: wpa_supplicant_reload_configuration (wpa_supplicant.c:746)
==1972==    by 0x4B8B37: wpa_supplicant_ctrl_iface_process (ctrl_iface.c:4082)
==1972==    by 0x4BA39C: wpa_supplicant_ctrl_iface_receive (ctrl_iface_unix.c:168)
==1972==    by 0x4114D4: eloop_sock_table_dispatch_table (eloop.c:335)
==1972==    by 0x411541: eloop_sock_table_dispatch (eloop.c:352)
==1972==    by 0x41200D: eloop_run (eloop.c:766)
==1972==    by 0x4C8B43: wpa_supplicant_run (wpa_supplicant.c:3010)
==1972==    by 0x4D44AD: main (main.c:286)

Signed-hostap: Ben Greear <greearb@candelatech.com>
---
 wpa_supplicant/wps_supplicant.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
Jouni Malinen - May 10, 2012, 8:03 a.m.
On Wed, May 09, 2012 at 10:54:01AM -0700, greearb@candelatech.com wrote:
> I think this should fix the following valgrind complaint:

Thanks, applied.

Patch

diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 00ce9be..da4421c 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -1113,8 +1113,10 @@  static void wpas_wps_set_uuid(struct wpa_supplicant *wpa_s,
 		while (first && first->next)
 			first = first->next;
 		if (first && first != wpa_s) {
-			os_memcpy(wps->uuid, wpa_s->global->ifaces->wps->uuid,
-				  WPS_UUID_LEN);
+			/* Only copy if memory locations are actually different */
+			if (wps != wpa_s->global->ifaces->wps)
+				os_memcpy(wps->uuid, wpa_s->global->ifaces->wps->uuid,
+					  WPS_UUID_LEN);
 			wpa_hexdump(MSG_DEBUG, "WPS: UUID from the first "
 				    "interface", wps->uuid, WPS_UUID_LEN);
 		} else {
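
Review bot: The added guard `if (wps != wpa_s->global->ifaces->wps)` tests a different object than the enclosing `if (first && first != wpa_s)`. The loop walks `first` to the end of the list, yet the copy reads from `wpa_s->global->ifaces->wps`, so the outer condition never ruled out the case where `wps` already is that source, which is the self-copy in the valgrind trace. It is worth checking whether the outer condition was meant to compare against `wpa_s->global->ifaces` rather than the tail `first`; if the current branch selection is intended, a short comment saying why the two can be the same object would help the next reader. As written, the "WPS: UUID from the first interface" hexdump is still emitted when the copy is skipped, which is harmless but slightly misleading in a debug log. Style: the re-indented `os_memcpy(wps->uuid, wpa_s->global->ifaces->wps->uuid,` line runs past 80 columns at four tabs of indentation; a local pointer for `wpa_s->global->ifaces->wps` would shorten both the comparison and the call.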