diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2014-08-12 11:14:11 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2014-08-12 11:14:11 +0000 |
commit | eb02b887ff2e71b28c47205f2c4070e9139bc2a0 (patch) | |
tree | a519ee0446a42522ebbcc913aff13c0038f2de30 /docs | |
parent | 24696a06ad504807a0e5207c46ca488c5f70e02d (diff) | |
download | upstream-eb02b887ff2e71b28c47205f2c4070e9139bc2a0.tar.gz upstream-eb02b887ff2e71b28c47205f2c4070e9139bc2a0.tar.bz2 upstream-eb02b887ff2e71b28c47205f2c4070e9139bc2a0.zip |
package: fix segfault of iwinfo.scanlist("radio0").
This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions