authorFelix Fietkau <nbd@openwrt.org>2006-01-31 21:45:23 +0000
committerFelix Fietkau <nbd@openwrt.org>2006-01-31 21:45:23 +0000
commit2c4b4d39a77494dd432b192ba58ce1f7158e7fcb (patch)
tree8bb171e705b3af209f5a81358baa7573d192d228 /target/linux/package/madwifi
parentac80b1360263ef63eb71775e3432a1b8e3bf1d80 (diff)
fix hostapd/madwifi crash (#247)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@3102 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/package/madwifi')
-rw-r--r--target/linux/package/madwifi/patches/103-wpa_crash.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/target/linux/package/madwifi/patches/103-wpa_crash.patch b/target/linux/package/madwifi/patches/103-wpa_crash.patch
new file mode 100644
index 0000000000..7a92ccb010
--- /dev/null
+++ b/target/linux/package/madwifi/patches/103-wpa_crash.patch
@@ -0,0 +1,27 @@
+diff -urN madwifi.old/net80211/ieee80211_ioctl.h madwifi.dev/net80211/ieee80211_ioctl.h
+--- madwifi.old/net80211/ieee80211_ioctl.h 2005-12-07 03:53:07.000000000 +0100
++++ madwifi.dev/net80211/ieee80211_ioctl.h 2006-01-31 22:33:21.282491500 +0100
+@@ -277,6 +277,7 @@
+ struct ieee80211req_wpaie {
+ u_int8_t wpa_macaddr[IEEE80211_ADDR_LEN];
+ u_int8_t wpa_ie[IEEE80211_MAX_OPT_IE];
++ u_int8_t rsn_ie[IEEE80211_MAX_OPT_IE];
+ };
+
+ /*
+diff -urN madwifi.old/net80211/ieee80211_wireless.c madwifi.dev/net80211/ieee80211_wireless.c
+--- madwifi.old/net80211/ieee80211_wireless.c 2006-01-23 08:07:51.000000000 +0100
++++ madwifi.dev/net80211/ieee80211_wireless.c 2006-01-31 22:33:21.286491750 +0100
+@@ -3160,6 +3160,12 @@
+ ielen = sizeof(wpaie.wpa_ie);
+ memcpy(wpaie.wpa_ie, ni->ni_wpa_ie, ielen);
+ }
++ if (ni->ni_rsn_ie != NULL) {
++ int ielen = ni->ni_rsn_ie[1] + 2;
++ if (ielen > sizeof(wpaie.rsn_ie))
++ ielen = sizeof(wpaie.rsn_ie);
++ memcpy(wpaie.rsn_ie, ni->ni_rsn_ie, ielen);
++ }
+ ieee80211_free_node(ni);
+ return (copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie)) ?
+ -EFAULT : 0);
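Review bot: The new `rsn_ie` field is written only when `ni->ni_rsn_ie` is non-NULL, and then only for `ielen` bytes, yet the `copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie))` right after it sends the whole structure to user space. Unless `wpaie` is cleared in full earlier in the function (which starts outside this hunk), the untouched part of `rsn_ie` carries leftover kernel memory contents to the ioctl caller, which is an information disclosure. Add `memset(wpaie.rsn_ie, 0, sizeof(wpaie.rsn_ie));` immediately before the `if (ni->ni_rsn_ie != NULL)` test. The structure in ieee80211_ioctl.h also grows by `IEEE80211_MAX_OPT_IE` bytes, so user-space tools built against the old header would pass a buffer of a different size; a short comment on `struct ieee80211req_wpaie` noting the ABI change would help whoever rebuilds hostapd against it.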