wpa_supplicant: Fix parsing of max_oper_chwidth

Message ID 20180507132429.17759-1-sven.eckelmann@openmesh.com
State Accepted

Commit Message

Sven Eckelmann May 7, 2018, 1:24 p.m. UTC
The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see
ssid_fields). The actual parsing for INT_RANGE is done by
wpa_config_parse_int which can only store the result as full integer.

max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means
that on little endian systems, the least significant byte of the parsed
value is really stored in the max_oper_chwidth. But on big endian systems,
only the most significant byte is stored as max_oper_chwidth. This means
that 0 is always stored because the provided range doesn't allow any other
value for systems with multi-byte-wide integers.

This also means that for common systems with 4-byte-wide integers, the
remaining 3 bytes were written after the actual member of the struct. This
should not have influenced the behavior of succeeding members because these
bytes would have been part of the padding between the members on most
systems.

Increasing its size to a full int fixes the write operations outside of the
member and allows the max_oper_chwidth setting to be used on big endian
systems.

Fixes: 0f29bc68d18e ("IBSS/mesh: Add support for VHT80P80 configuration")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
---
Cc: Ahmad Kholaif <akholaif@qca.qualcomm.com>
Cc: Jouni Malinen <jouni@qca.qualcomm.com>

 wpa_supplicant/config_ssid.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
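
The mechanism described in the commit message, as an added example that is not part of the patch or of wpa_supplicant: a 4-byte store at the address of a 1-byte member, modelled with an explicit byte order so both cases can be observed on any host. `struct field_image` and the function names are hypothetical, and the sample values 0 to 3 are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the pre-fix layout: the 1-byte member followed by
 * the bytes that come after it in the struct (padding on most ABIs). */
struct field_image {
    uint8_t max_oper_chwidth;  /* the u8 member */
    uint8_t after[3];          /* bytes following the member */
};

enum byte_order { ORDER_LITTLE, ORDER_BIG };

/* Models a parser that stores a full 32-bit int at the member's address.
 * The byte order is a parameter rather than the host's own. */
static struct field_image store_int_at_member(uint32_t value, enum byte_order order)
{
    uint8_t raw[4];
    struct field_image img;
    for (int i = 0; i < 4; i++) {
        int shift = (order == ORDER_LITTLE) ? 8 * i : 8 * (3 - i);
        raw[i] = (uint8_t)(value >> shift);
    }
    memset(&img, 0xAA, sizeof(img));  /* poison so overwritten bytes are visible */
    memcpy(&img, raw, sizeof(raw));   /* the 4-byte store */
    return img;
}

/* Value the rest of the program reads back from the u8 member. */
static unsigned stored_chwidth(uint32_t value, enum byte_order order)
{
    return store_int_at_member(value, order).max_oper_chwidth;
}

/* Number of bytes past the member that the store overwrote. */
static int bytes_clobbered(uint32_t value, enum byte_order order)
{
    struct field_image img = store_int_at_member(value, order);
    int n = 0;
    for (int i = 0; i < 3; i++)
        n += (img.after[i] != 0xAA);
    return n;
}

int main(void)
{
    for (uint32_t v = 0; v <= 3; v++)
        printf("%u: LE reads %u, BE reads %u, %d bytes past member\n", (unsigned)v,
               stored_chwidth(v, ORDER_LITTLE), stored_chwidth(v, ORDER_BIG),
               bytes_clobbered(v, ORDER_BIG));
    return 0;
}
```
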

Comments

Jouni Malinen May 31, 2018, 1:17 p.m. UTC | #1
On Mon, May 07, 2018 at 03:24:29PM +0200, Sven Eckelmann wrote:
> The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see
> ssid_fields). The actual parsing for INT_RANGE is done by
> wpa_config_parse_int which can only store the result as full integer.
> 
> max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means
> that on little endian systems, the least significant byte of the parsed
> value is really stored in the max_oper_chwidth. But on big endian systems,
> only the most significant byte is stored as max_oper_chwidth. This means
> that 0 is always stored because the provided range doesn't allow any other
> value for systems with multi-byte-wide integers.
> 
> This also means that for common systems with 4-byte-wide integers, the
> remaining 3 bytes were written after the actual member of the struct. This
> should not have influenced the behavior of succeeding members because these
> bytes would have been part of the padding between the members on most
> systems.
> 
> Increasing its size to a full int fixes the write operations outside of the
> member and allows the max_oper_chwidth setting to be used on big endian
> systems.

Thanks, applied.
Patch

diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 9fd56c32f..65007795b 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -497,7 +497,7 @@  struct wpa_ssid {
 
 	int vht;
 
-	u8 max_oper_chwidth;
+	int max_oper_chwidth;
 
 	unsigned int vht_center_freq1;
 	unsigned int vht_center_freq2;
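
Review bot: The widened `int max_oper_chwidth;` member carries no comment tying its type to the INT_RANGE parser, so a later cleanup could shrink it back to u8 and reintroduce the store past the member. Suggest a one-line comment above the member stating that it is written by wpa_config_parse_int as a full int. The same mismatch could exist for any other sub-int member registered in ssid_fields with an INT or INT_RANGE entry, since the type change here fixes only this field; a compile-time check of the member size in those table entries would catch the rest.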