hostapd crash (due to unaligned access)
jkmaline at cc.hut.fi
Mon Mar 15 10:13:50 EST 2004
On Sun, Mar 14, 2004 at 02:32:09PM -0500, Pavel Roskin wrote:
> Protocol 3 is something that the driver doesn't ever pass to hostapd.
> The real problem is that you are getting such frames. See what happens
> with fc in hostap_ap_tx_cb().
> Try the old hostapd with the new driver and vice versa to see where the
> bug was introduced.
> You can set debug=3 and daemonize=0 in hostapd.conf and see frames dumps.
> Look at the frames with the first byte having bits 0 and 1 set. You can
> post one to the list.
Yes, it would be interesting to find out why this was happening, so full
debug dump of that frame would indeed be interesting.
> As for that line, it should probably be changed to "elen = (u16 *) (buf +
> len - 2);" but it shouldn't matter - this code should not be run at all!
Oops.. It should be quite obvious by now that this code has never
really been tested (since it is not used) ;-). I fixed the offset and in
addition, I fixed the potentially unaligned read of that length. hostapd
is not supposed to cause unaligned accesses, so this kind of code is
considered a bug. There may be a couple of those lurking around somewhere,
but I will fix them whenever they are reported. I'm mostly using x86, so
I do not notice these that easily.
Jouni Malinen PGP id EFC895FA
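The two fixes described in the reply (the offset and the unaligned u16 read) are worth seeing side by side. Below is an added example, not hostapd's own code and not posted by anyone in this thread: it assumes a hypothetical frame layout in which the last two bytes of the buffer hold a little-endian 16-bit element length (that layout is an assumption made for illustration only). It replaces the `*(u16 *)(buf + len - 2)` cast with a byte-wise load that is valid at any address, and adds the bounds check that any code trusting a length field taken from a received frame should have.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint8_t u8;
typedef uint16_t u16;

/* Alignment-safe little-endian 16-bit load. The value is assembled from
 * individual bytes, so it is valid at any address. This replaces the
 * pattern "*(u16 *)(buf + len - 2)", which dereferences a u16 pointer that
 * may be misaligned; that is undefined behaviour in C and traps on
 * strict-alignment CPUs (ARM, SPARC, MIPS, ...), while x86 silently
 * tolerates it, which is why such bugs go unnoticed there. */
static inline u16 le16_load_unaligned(const u8 *p)
{
    return (u16)(p[0] | ((u16)p[1] << 8));
}

/* Hypothetical layout assumed for this example (NOT hostapd's real frame
 * format): the element body is immediately followed by its length as a
 * little-endian u16 in the last two bytes of the buffer.
 *
 * Returns the element length, or -1 if the buffer cannot hold the length
 * field or if the claimed length would reach before the buffer start.
 * The length comes from a received frame, so it must be validated before
 * it is used to index the buffer. */
int trailing_elem_len(const u8 *buf, size_t len)
{
    u16 elen;

    if (len < 2)
        return -1;              /* no room for the length field itself */

    /* offset fix: the field starts 2 bytes before the end, not 1 */
    elen = le16_load_unaligned(buf + len - 2);

    if ((size_t)elen > len - 2)
        return -1;              /* element would overrun the buffer */

    return elen;
}

/* Constructed sample data: one pad byte, a 4-byte element, then its
 * length (4) as LE u16. Using frame + 1 as the buffer start puts the
 * length field at odd offset 5 from the array base, so it is misaligned
 * whenever the array itself is 2-byte aligned (the usual case). */
int demo(void)
{
    static const u8 frame[] = { 0x00, 's', 's', 'i', 'd', 0x04, 0x00 };
    const u8 *buf = frame + 1;
    size_t len = sizeof(frame) - 1;   /* 6 bytes: element + length field */

    return trailing_elem_len(buf, len);
}
```

The byte-wise load costs nothing on x86 (compilers fold it back into a single 16-bit load) and is the only portable way to read a multi-byte field out of a packet buffer at an arbitrary offset; the bounds check is what turns a bad length from a remote frame into a rejected frame rather than an out-of-bounds read.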