net-wireless/wpa_supplicant/files/2015-5/0001-NFC-Avoid-misaligned-read-of-an-NDEF-field.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

From fc880b11ed70ff9dcf8be48621f75d354cc5094d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 7 Jul 2015 15:33:55 +0300
Subject: [PATCH] NFC: Avoid misaligned read of an NDEF field

The 32-bit version of payload length field may not be 32-bit aligned in
the message buffer, so use WPA_GET_BE32() to read it instead of ntohl().

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/wps/ndef.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index 8d1ce1e..5604b0a 100644
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -47,7 +47,7 @@ static int ndef_parse_record(const u8 *data, u32 size,
 	} else {
 		if (size < 6)
 			return -1;
-		record->payload_length = ntohl(*(u32 *)pos);
+		record->payload_length = WPA_GET_BE32(pos);
 		pos += sizeof(u32);
 	}
 
-- 
1.7.9.5