{"id":804017,"url":"http://patchwork.ozlabs.org/api/patches/804017/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/1503333385-15051-5-git-send-email-andrei.otcheretianski@intel.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1503333385-15051-5-git-send-email-andrei.otcheretianski@intel.com>","list_archive_url":null,"date":"2017-08-21T16:36:25","name":"wpa_supplicant: Check length when building ext_cabality in assoc_cb","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"2147e1a3b0f31ed845f52608dbb7bffa340c15a3","submitter":{"id":62065,"url":"http://patchwork.ozlabs.org/api/people/62065/?format=json","name":"Andrei Otcheretianski","email":"andrei.otcheretianski@intel.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/1503333385-15051-5-git-send-email-andrei.otcheretianski@intel.com/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/804017/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/804017/checks/","tags":{},"related":[],"headers":{"Return-Path":"<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"oev7EDQB\"; \n\tdkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xbZZH2GdTz9sRm\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 21 Aug 2017 23:40:23 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1djmvu-0001PA-DU; Mon, 21 Aug 2017 13:39:58 +0000","from mga07.intel.com ([134.134.136.100])\n\tby bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux))\n\tid 1djmty-0008RG-Pi\n\tfor hostap@lists.infradead.org; Mon, 21 Aug 2017 13:39:15 +0000","from fmsmga001.fm.intel.com ([10.253.24.23])\n\tby orsmga105.jf.intel.com with ESMTP; 21 Aug 2017 06:37:37 -0700","from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com)\n\t([10.12.217.183])\n\tby fmsmga001.fm.intel.com with ESMTP; 21 Aug 2017 06:37:36 -0700"],"DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:\n\tSubject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:\n\tResent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:\n\tReferences:List-Owner; bh=cwP8rGbBoyD//bqryzwJfkwwYooVUcC1R9MnvqjmA+c=;\n\tb=oev\n\t7EDQB0BixtENSuxpLdAbXJfXpOqSuZ2FiazwfZ1017xUDR7eIZyXf27v6st9qzqeHLJOPpkz2RF9E\n\thYSw+tNeGTgAINFjriNCMycN0x3UWoQni4pmctdYTW8GlC/VCY8wgC81CxMGwu9uHJEHVlluHOqDf\n\t367kmtmAgSuPT6+tsVfVKkIrhONmjh2AhZYgltU1w8XK21iA/J1iZd2F6tVGsmrHXSKrDPj/1iiKJ\n\tmbVOT8ds2EjJUmugDKDFIqZ1FRa0EGdJiJkNZxpTsdDmLIc82ngJGci66hMx6DTQsgozLtY7xhiuU\n\t/X83R5RFhqzkufmMFLRDrWHOMBQrjwA==;","X-ExtLoop1":"1","X-IronPort-AV":"E=Sophos; i=\"5.41,409,1498546800\"; d=\"scan'208\";\n\ta=\"1186135998\"","From":"Andrei Otcheretianski <andrei.otcheretianski@intel.com>","To":"hostap@lists.infradead.org","Subject":"[PATCH] wpa_supplicant: Check length when building ext_cabality in\n\tassoc_cb","Date":"Mon, 21 Aug 2017 19:36:25 +0300","Message-Id":"<1503333385-15051-5-git-send-email-andrei.otcheretianski@intel.com>","X-Mailer":"git-send-email 2.7.4","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170821_063759_634911_3B66E955 ","X-CRM114-Status":"UNSURE (   9.03  )","X-CRM114-Notice":"Please train this message.","X-Spam-Score":"-4.2 (----)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details:   (-4.2 points)\n\tpts rule name              description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,\n\tmedium trust [134.134.136.100 listed in list.dnswl.org]\n\t-0.0 SPF_PASS               SPF: sender matches SPF record\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<hostap.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/hostap>,\n\t<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/hostap/>","List-Post":"<mailto:hostap@lists.infradead.org>","List-Help":"<mailto:hostap-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/hostap>,\n\t<mailto:hostap-request@lists.infradead.org?subject=subscribe>","Cc":"Adiel Aloni <adiel.aloni@intel.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" <hostap-bounces@lists.infradead.org>","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Adiel Aloni <adiel.aloni@intel.com>\n\nWhen building wpa_ie in wpas_start_assoc_cb with ext_capab,\nmake sure that assignment does not exceed max_wpa_ie_len.\n\nSigned-off-by: Adiel Aloni <adiel.aloni@intel.com>\n---\n wpa_supplicant/wpa_supplicant.c | 3 ++-\n 1 file changed, 2 insertions(+), 1 deletion(-)","diff":"diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c\nindex 4932fa8..9daf172 100644\n--- a/wpa_supplicant/wpa_supplicant.c\n+++ b/wpa_supplicant/wpa_supplicant.c\n@@ -2567,7 +2567,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)\n \t\tint ext_capab_len;\n \t\text_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,\n \t\t\t\t\t\t     sizeof(ext_capab));\n-\t\tif (ext_capab_len > 0) {\n+\t\tif (ext_capab_len > 0 &&\n+\t\t    (wpa_ie_len + ext_capab_len) <= max_wpa_ie_len) {\n \t\t\tu8 *pos = wpa_ie;\n \t\t\tif (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)\n \t\t\t\tpos += 2 + pos[1];\n","prefixes":[]}