[PATCH] Fixed bug with ap_rx_from_unknown_sta recursion

Witold Sowa witold.sowa at gmail.com
Wed Jul 8 11:45:46 EDT 2009


ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.   
---                                                      
 src/drivers/driver_nl80211.c |    4 ++--                
 wpa_supplicant/ap.c          |    4 ++--                
 2 files changed, 4 insertions(+), 4 deletions(-)        

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 26ee21e..69fcd51 100644                                           
--- a/src/drivers/driver_nl80211.c                                      
+++ b/src/drivers/driver_nl80211.c                                      
@@ -2558,7 +2558,7 @@ static int nl80211_create_iface(struct
wpa_driver_nl80211_data *drv,
                                                                                        
 
 void ap_tx_status(void *ctx, const u8
*addr,                                             
                  const u8 *buf, size_t len, int
ack);                                    
-void ap_rx_from_unknown_sta(void *ctx, const u8
*addr);                                  
+void ap_rx_from_unknown_sta(void *ctx, struct ieee80211_hdr *hdr,
size_t len);           
 void ap_mgmt_rx(void *ctx, u8 *buf, size_t len, u16
stype,                               
                struct hostapd_frame_info
*fi);                                           
 void ap_mgmt_tx_cb(void *ctx, u8 *buf, size_t len, u16 stype, int
ok);                   
@@ -2613,7 +2613,7 @@ static void from_unknown_sta(struct
wpa_driver_nl80211_data *drv,
 #ifdef HOSTAPD
        hostapd_rx_from_unknown_sta(drv->ctx, hdr, len);
 #else /* HOSTAPD */
-       ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
+       ap_rx_from_unknown_sta(drv->ctx, hdr, len);
 #endif /* HOSTAPD */
 }

diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 1ca192f..95acd5c 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -491,10 +491,10 @@ void ap_tx_status(void *ctx, const u8 *addr,
 }


-void ap_rx_from_unknown_sta(void *ctx, const u8 *addr)
+void ap_rx_from_unknown_sta(void *ctx, struct ieee80211_hdr *hdr,
size_t len)
 {
        struct wpa_supplicant *wpa_s = ctx;
-       ap_rx_from_unknown_sta(wpa_s->ap_iface->bss[0], addr);
+       hostapd_rx_from_unknown_sta(wpa_s->ap_iface->bss[0], hdr, len);
 }


--
1.6.0.2



More information about the HostAP mailing list