DragonFlyBSD Kernel Audit
← dashboard
DF-0347

Undefined behavior: 1<<32 in WPA/RSN cipher selector parsing for unknown OUI

Summary

wpa_cipher(:1198)/rsn_cipher(:1347) return 32 for unknown cipher OUI. Callers: w|=1<<wpa_cipher(:1284), w|=1<<rsn_cipher(:1431). 1<<32 is UB per C99 6.5.7. x86 masks to 5 bits -> 1<<0=CIPHER_WEP. ARM may yield 0. Aggressive compiler could mis-optimize. Remote: assoc req with unknown cipher OUI.