Unexpected terminations via D-Bus

Jouni Malinen j at w1.fi
Sat Dec 26 07:41:42 EST 2009


On Sat, Dec 19, 2009 at 06:44:14PM -0800, Marcel Holtmann wrote:

> so I started playing with the new D-Bus interface and it seems it has
> still some issues in handling unexpected usage. So for example by
> accident, I triggered a scan with an empty parameter dictionary and this
> happens:
> 
> RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> wpas_dbus_handler_scan[dbus]: Scan type not specified
> 
> After that the daemon terminates. This is a pretty bad behavior. Either
> we should return a proper error and continue or just fall back to some
> default parameters.

That was a bug in wpas_dbus_handler_scan(). It used an uninitialized
local variable as the error message in this particular case, which
resulted in odd termination later when something (libdbus?) actually
tried to read the message from a random memory location. Anyway, that
should now be fixed.

> I haven't checked any other method calls so far, but there might be
> others.

I fixed a couple more cases where invalid parameters could have triggered
crashes, but haven't gone through all the dbus code yet in detail.

-- 
Jouni Malinen                                            PGP id EFC895FA
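
Added example, not part of the original message and not wpa_supplicant's code: a minimal model of the bug class described above, where a handler's reply pointer is left unassigned on one error path, next to the shape that avoids it. The struct names, handle_scan(), make_error(), the "Type" key and its values are assumptions made for illustration; only the "Scan type not specified" message comes from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a D-Bus dictionary entry and a reply message. */
struct param { const char *key; const char *value; };
struct reply { int is_error; char text[64]; };

static struct reply *make_error(struct reply *buf, const char *text)
{
    buf->is_error = 1;
    snprintf(buf->text, sizeof(buf->text), "%s", text);
    return buf;
}

/*
 * Buggy shape (shown as a comment only, never compiled): the reply pointer
 * is assigned on some paths but not on the "type missing" path, so the
 * caller receives whatever happened to be on the stack.
 *
 *     struct reply *reply;                 <- uninitialized
 *     if (type == NULL) { log(...); goto out; }
 * out:
 *     return reply;                        <- indeterminate pointer
 */

/* Fixed shape: reply starts as NULL (success, nothing to send) and every
 * failure path assigns a real error message before leaving. */
struct reply *handle_scan(const struct param *params, size_t n,
                          struct reply *buf)
{
    struct reply *reply = NULL;
    const char *type = NULL;
    size_t i;

    for (i = 0; i < n; i++)
        if (params[i].key && strcmp(params[i].key, "Type") == 0)
            type = params[i].value;   /* "Type" key is an assumption */

    if (type == NULL) {               /* empty dictionary lands here */
        reply = make_error(buf, "Scan type not specified");
        goto out;
    }
    if (strcmp(type, "active") != 0 && strcmp(type, "passive") != 0) {
        reply = make_error(buf, "Unknown scan type");
        goto out;
    }
    /* A real handler would start the scan here. */
out:
    return reply;
}
```

With the pointer initialized and every error path assigning it, an empty parameter dictionary produces an error reply the caller can send, and the process keeps running.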

