From 20c2ea412a512d759ae0b00de9f0e2ef33393ec0 Mon Sep 17 00:00:00 2001 From: Sven Eckelmann Date: Mon, 7 May 2018 15:24:29 +0200 Subject: [PATCH] wpa_supplicant: Fix parsing of max_oper_chwidth The max_oper_chwidth is parsed in wpa_config_set as INT_RANGE (see ssid_fields). The actual parsing for INT_RANGE is done by wpa_config_parse_int which can only store the result as full integer. max_oper_chwidth is stored as u8 (a single byte) in wpa_ssid. This means that on little endian systems, the least significant byte of the parsed value are really stored in the max_oper_chwidth. But on big endian system, the only most significant byte is stored as max_oper_chwidth. This means that 0 is always stored because the provided range doesn't allow any other value for systems with multi-byte-wide integers. This also means that for common systems with 4-byte-wide integers, the remaining 3 bytes were written after the actual member of the struct. This should not have influenced the behavior of succeeding members because these bytes would have been part of the padding between the members on most systems. Increasing its size to a full int fixes the write operations outside of the member and allows to use the max_oper_chwidth setting on big endian systems. Fixes: 0f29bc68d18e ("IBSS/mesh: Add support for VHT80P80 configuration") Signed-off-by: Sven Eckelmann --- wpa_supplicant/config_ssid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index 5b872fac0..3000c43b4 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h @@ -505,7 +505,7 @@ struct wpa_ssid { int vht; - u8 max_oper_chwidth; + int max_oper_chwidth; unsigned int vht_center_freq1; unsigned int vht_center_freq2;