minor array overflow in ifconfig set80211chanlist()

Andriy Voskoboinyk s3erios at gmail.com
Thu May 19 18:03:08 UTC 2016


Tue, 17 May 2016 01:05:57 +0300, Andriy Voskoboinyk
<avos at freebsd.org> wrote:

> Tue, 17 May 2016 01:03:03 +0300, Adrian Chadd
> <adrian.chadd at gmail.com> wrote:
>
>> Heh, god, it's used for both maximum ieee channel number /and/ the
>> array size? we should eventually fix that; 11ac channels will likely
>> overflow all of the above. :(
>
> No (yes) :)
> I mean ic->ic_nchans and nitems(ic->ic_channels)
> ... but you are right: ic_ieee is uint8_t, so it's limited by this  
> number too.
>

... but there is another macro with the same value:
ieee80211_scan_sta.c:

#define MAX_IEEE_CHAN	256				/* max acceptable IEEE chan # */
CTASSERT(MAX_IEEE_CHAN >= 256);

>>
>>
>>
>> -a
>> _______________________________________________
>> freebsd-wireless at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-wireless
>> To unsubscribe, send any mail to  
>> "freebsd-wireless-unsubscribe at freebsd.org"

