Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

HS 2.0: Fix IE buffer length for extra scan IEs

The HS 2.0 Indication element is 7 (not 6) octets. The previous
implementation could result in wpabuf validation code stopping the
program if HS 2.0 was enabled without Interworking or P2P (which would
have created a large enough buffer to avoid hitting this) being enable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 12 years ago
parent
0cb12963b6
commit
5ebe8c8179
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      wpa_supplicant/scan.c

+ 1 - 1
wpa_supplicant/scan.c
View File 

@@ -735,7 +735,7 @@ ssid_list_set:
 
 	extra_ie = wpa_supplicant_extra_ies(wpa_s);
 
 
 #ifdef CONFIG_HS20
 
-	if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 6) == 0)
 
+	if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0)
 
 		wpas_hs20_add_indication(extra_ie);
 
 #endif /* CONFIG_HS20 */