Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Undefined behavior in wpa_eapol_key_send function (IDFGH-14307) #15098

Closed
3 tasks done
safocl opened this issue Dec 26, 2024 · 2 comments
Closed
3 tasks done

Undefined behavior in wpa_eapol_key_send function (IDFGH-14307) #15098

safocl opened this issue Dec 26, 2024 · 2 comments
Assignees
@kapilkedawat
Labels
Resolution: NA Issue resolution is unavailable Status: Done Issue is done internally

Comments

@safocl
Copy link

safocl commented Dec 26, 2024
edited
Loading

Answers checklist.

  • I have read the documentation ESP-IDF Programming Guide and the issue is not addressed there.
  • I have updated my IDF branch (master or release) to the latest version and checked that the issue is present there.
  • I have searched the issue tracker for a similar issue and not found a similar issue.

General issue report

esp-idf/components/wpa_supplicant/src/rsn_supp/wpa.c

Line 245 in b5ac4fb

if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
contain UB with use wpa_sm_get_bssid(sm, sm->bssid) ->

static inline int   wpa_sm_get_bssid(struct wpa_sm *sm, u8 *bssid)
{
    memcpy(bssid, sm->bssid, ETH_ALEN);
    return 0;
}

copy from sm->bssid to bssid that is sm->bssid ->
"If the objects overlap (which is a violation of the restrict contract)(since C99), the behavior is undefined." https://en.cppreference.com/w/c/string/byte/memcpy
@espressif-bot espressif-bot added the Status: Opened Issue is new label Dec 26, 2024
@github-actions github-actions bot changed the title Undefined behavior in wpa_eapol_key_send function Undefined behavior in wpa_eapol_key_send function (IDFGH-14307) Dec 26, 2024
@KaeLL
Copy link
Contributor

KaeLL commented Jan 13, 2025

Nice catch.

@espressif-bot espressif-bot added Status: Done Issue is done internally Resolution: NA Issue resolution is unavailable and removed Status: Opened Issue is new labels Jan 21, 2025
@safocl
Copy link
Author

safocl commented Jan 23, 2025

#15097 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kapilkedawat kapilkedawat

Labels
Resolution: NA Issue resolution is unavailable Status: Done Issue is done internally
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@KaeLL @safocl @kapilkedawat @espressif-bot