Changeset 23715


Ignore:
Timestamp:
2010-10-29T23:25:39+02:00 (6 years ago)
Author:
jow
Message:

package/hostapd: fix crash in atheros driver (#8143)
hapd->driver->set_operstate may happen when the drv_priv data is not initialized yet,
this leads to a null pointer deref in the atheros driver. Protect the operstate call with a
check for hapd->drv_priv.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/package/hostapd/patches/460-oper_state_fix.patch

    r23641 r23715  
    2424 } 
    2525  
     26--- a/src/drivers/driver_wext.c 
     27+++ b/src/drivers/driver_wext.c 
     28@@ -2245,11 +2245,14 @@ int wpa_driver_wext_set_operstate(void * 
     29 { 
     30        struct wpa_driver_wext_data *drv = priv; 
     31  
     32-       wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 
     33-                  __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 
     34-       drv->operstate = state; 
     35-       return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 
     36-                                     state ? IF_OPER_UP : IF_OPER_DORMANT); 
     37+       if (drv != NULL) 
     38+       { 
     39+               wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 
     40+                          __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 
     41+               drv->operstate = state; 
     42+               return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 
     43+                                             state ? IF_OPER_UP : IF_OPER_DORMANT); 
     44+       } 
     45 } 
     46  
     47  
Note: See TracChangeset for help on using the changeset viewer.