Message ID | 1465412498-32289-2-git-send-email-jonathan@wizery.com |
---|---|
State | Changes Requested |
On Wed, Jun 08, 2016 at 10:01:38PM +0300, Jonathan Afek wrote: > In some cases parsing of the mesh scan info for a BSS can > fail. One reason can be that the beacon contained malformed > length vendor IEs which are not parsed when adding to the BSS > table. Instead of skipping the whole BSS of the BSS > command, just skip the mesh scan info. Does wpas_p2p_scan_result_text() case need this treatment as well? It has the same error handling. > ie = (const u8 *) (bss + 1); > ret = wpas_mesh_scan_result_text(ie, bss->ie_len, pos, end); > - if (ret < 0 || ret >= end - pos) > + if (ret >= end - pos) > return 0; > - pos += ret; > + if (ret > 0) > + pos += ret; > } > #endif /* CONFIG_MESH */
On Thu, Jun 9, 2016 at 3:28 PM, Bob Copeland <me@bobcopeland.com> wrote:
> Does wpas_p2p_scan_result_text() case need this treatment as well?
> It has the same error handling.

Yes. Sending another patch version to include this.
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 401cd61..36a39d1 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -4381,9 +4381,10 @@ static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, if (mask & WPA_BSS_MASK_MESH_SCAN) { ie = (const u8 *) (bss + 1); ret = wpas_mesh_scan_result_text(ie, bss->ie_len, pos, end); - if (ret < 0 || ret >= end - pos) + if (ret >= end - pos) return 0; - pos += ret; + if (ret > 0) + pos += ret; } #endif /* CONFIG_MESH */
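Review bot: The negative return from wpas_mesh_scan_result_text() is now dropped silently at `if (ret > 0) pos += ret;`, and the preceding `if (ret >= end - pos)` excludes the error case only implicitly, by relying on a negative ret comparing below the remaining space. An explicit `if (ret < 0)` branch with a short comment saying the mesh scan info is skipped for this BSS would make the intent readable, and a wpa_printf(MSG_DEBUG, ...) there would leave a trace when a beacon carries the malformed vendor IEs the commit message describes. The truncation case still returns 0 for the whole BSS entry, which is worth stating in the commit message so the two outcomes are not confused. As raised in the thread, the wpas_p2p_scan_result_text() call uses the same error handling and should be changed in the same patch so the two paths stay consistent.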
In some cases parsing of the mesh scan info for a BSS can fail. One reason can be that the beacon contained malformed length vendor IEs which are not parsed when adding to the BSS table. Instead of skipping the whole BSS of the BSS command, just skip the mesh scan info.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>

---
 wpa_supplicant/ctrl_iface.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)