wpa_supplicant segfault in large WLAN

Matt Causey matt.causey at gmail.com
Fri Sep 27 09:16:38 EDT 2013


On Fri, Sep 27, 2013 at 9:13 AM, Jouni Malinen <j at w1.fi> wrote:

> On Thu, Sep 26, 2013 at 09:37:54PM -0400, Matt Causey wrote:
> > I can't seem to do anything that will cause this segfault to happen
> > w/valgrind.  :-(  What do you think about this:
> > ==25997== ERROR SUMMARY: 155711 errors from 129 contexts (suppressed: 27
> > from 6)
> >
> > I've attached the full and compressed valgrind log, though it may end up
> > being scrubbed by the server.
>
> Thanks! This is a good example where valgrind ends up hiding the
> segfault when a program accesses freed memory. Such a bug is a critical
> issue always so it does not really matter whether the program crashes or
> not (with or without valgrind).
>
> I was able to reproduce this by replaying the scan results and the
> configuration you were using. The issue is triggered by a removal of the
> oldest BSS entry at a very inconvenient time and yes, this was very much
> related to the large number of BSSes in the scan results. For this to
> show up, you would need to have at least 200 BSSes that match a network
> configuration block in the scan results. And well, you did have 739 such
> BSSes.. ;-)
>
> This commit fixes the issue:
>
> http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=a3cbf82e6d2b494e4c5e87b4101af2f941482400
>
> In addition, while reviewing the implementation, I found another
> potential issue that could result in somewhat similar problems. Though,
> I don't think this should happen with nl80211 driver interface. Anyway,
> the fix is here:
>
> http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=25b65a142dec4770a79f7a17867f0db93111f843
>
> Please let me know if these address the issues you were seeing.
>

I'll do it straight away.  Thanks for all your help!  Shall I expect these
patches to apply cleanly to the wpa_supplicant-2.0 release or should we
migrate to hostap.git HEAD in our stack?

--
Matt
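
The failure mode described in the quoted message (the oldest BSS entry being removed while something still points at it), as an added example that is not part of the thread and not hostap code: a table capped at 200 entries, the threshold mentioned in the message, frees its oldest entry on insert, and a flag switches between naive eviction and eviction that skips entries a caller has marked in use. All names (bss_table, bss_add, pinned, honor_pins) are hypothetical, and the pinning approach is an assumption for illustration, not a description of what the linked commits do.

```c
#include <stdlib.h>
#include <string.h>
#define BSS_MAX 200   /* cap modelled on the 200-entry threshold in the thread */

struct bss { unsigned id; int pinned; };   /* pinned: a caller holds a pointer */
struct bss_table { struct bss *slot[BSS_MAX]; size_t count; int honor_pins; };

/* Look an entry up by id; NULL means it was never added or has been evicted. */
struct bss *bss_find(struct bss_table *t, unsigned id)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->slot[i]->id == id)
            return t->slot[i];
    return NULL;
}

/* Add an entry; slots stay oldest-first, and a full table frees its oldest. */
struct bss *bss_add(struct bss_table *t, unsigned id)
{
    if (t->count == BSS_MAX) {
        size_t i = 0;
        while (i < t->count && t->honor_pins && t->slot[i]->pinned)
            i++;                   /* hardened mode skips pinned entries */
        if (i == t->count)
            return NULL;           /* everything pinned: refuse to add */
        free(t->slot[i]);          /* a pointer kept by a caller now dangles */
        t->count--;
        memmove(&t->slot[i], &t->slot[i + 1], (t->count - i) * sizeof(t->slot[0]));
    }
    struct bss *b = calloc(1, sizeof(*b));
    if (!b)
        return NULL;
    b->id = id;
    t->slot[t->count++] = b;
    return b;
}

/* Scenario: pin the oldest entry, overflow the table, report if it survived. */
int pinned_entry_survives(int honor_pins)
{
    struct bss_table t = { .honor_pins = honor_pins };
    for (unsigned id = 0; id < BSS_MAX; id++)
        bss_add(&t, id);
    bss_find(&t, 0)->pinned = 1;   /* caller starts using the oldest entry */
    bss_add(&t, BSS_MAX);          /* entry 201 arrives, as in a large scan */
    int alive = bss_find(&t, 0) != NULL;
    while (t.count)
        free(t.slot[--t.count]);
    return alive;
}
```

With honor_pins set to 0 the pinned entry is freed by the 201st insert, so any pointer the caller kept would be dangling; with it set to 1 the next-oldest entry is evicted instead.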