3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-26 10:39:23 +01:00

mpdu: Fix buffer overflow reported by asan

==25412==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000421ab0 at pc 0x000000402faf bp 0x7fffffffdb00 sp 0x7fffffffdaf0
READ of size 4 at 0x000000421ab0 thread T0
    #0 0x402fae in validate_mgmt_ies src/mpdu.c:128
    #1 0x403ce8 in validate_probe_request_mmpdu src/mpdu.c:370
    #2 0x404ef2 in validate_mgmt_mpdu src/mpdu.c:662
    #3 0x405166 in mpdu_validate src/mpdu.c:706
    #4 0x402529 in ie_order_test unit/test-mpdu.c:156
    #5 0x418f49 in l_test_run ell/test.c:83
    #6 0x402715 in main unit/test-mpdu.c:171
    #7 0x7ffff5d43ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
    #8 0x4019a9 in _start (/home/denkenz/iwd-master/unit/test-mpdu+0x4019a9)
This commit is contained in:
Denis Kenzior 2019-01-11 11:43:21 -06:00
parent 6bf7e638b0
commit 30cf1aa376

View File

@ -125,7 +125,7 @@ static bool validate_mgmt_ies(const uint8_t *ies, size_t ies_len,
return false;
new_idx = last_idx;
while (tag != tag_order[new_idx] && new_idx < tag_count)
while (new_idx < tag_count && tag != tag_order[new_idx])
new_idx++;
if (new_idx < tag_count) {