aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2010-10-29 21:25:39 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-10-29 21:25:39 +0000
commit522a411c112fb5c7e85546f21c4995c7264a57f5 (patch)
tree10f78575ea8f4a8290326881f6accd27633a31a1
parentd4b77f3145856dec4399b0d9627ac2986401b47b (diff)
downloadupstream-522a411c112fb5c7e85546f21c4995c7264a57f5.tar.gz
upstream-522a411c112fb5c7e85546f21c4995c7264a57f5.tar.bz2
upstream-522a411c112fb5c7e85546f21c4995c7264a57f5.zip
package/hostapd: fix crash in atheros driver (#8143)
hapd->driver->set_operstate may happen when the drv_priv data is not initialized yet, this leads to a null pointer deref in the atheros driver. Protect the operstate call with a check for hapd->drv_priv. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23715 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/hostapd/patches/460-oper_state_fix.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/package/hostapd/patches/460-oper_state_fix.patch b/package/hostapd/patches/460-oper_state_fix.patch
index 5a685a23ef..8ea0e12360 100644
--- a/package/hostapd/patches/460-oper_state_fix.patch
+++ b/package/hostapd/patches/460-oper_state_fix.patch
@@ -23,3 +23,25 @@ DORMANT state does not prevent normal operations after that.
return 0;
}
+--- a/src/drivers/driver_wext.c
++++ b/src/drivers/driver_wext.c
+@@ -2245,11 +2245,14 @@ int wpa_driver_wext_set_operstate(void *
+ {
+ struct wpa_driver_wext_data *drv = priv;
+
+- wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
+- __func__, drv->operstate, state, state ? "UP" : "DORMANT");
+- drv->operstate = state;
+- return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
+- state ? IF_OPER_UP : IF_OPER_DORMANT);
++ if (drv != NULL)
++ {
++ wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
++ __func__, drv->operstate, state, state ? "UP" : "DORMANT");
++ drv->operstate = state;
++ return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
++ state ? IF_OPER_UP : IF_OPER_DORMANT);
++ }
+ }
+
+