diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-10-29 21:25:39 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-10-29 21:25:39 +0000 |
commit | 434c8dbf3353a40e931d0db2e35fa2c8b4cbe576 (patch) | |
tree | c48605f995a2f54194ecc6f226d9d2d49cf098b6 /package/hostapd/patches/460-oper_state_fix.patch | |
parent | 9d61a9b1c6e57e6b07cf19dc0cbe78bc1b0e5f70 (diff) | |
download | upstream-434c8dbf3353a40e931d0db2e35fa2c8b4cbe576.tar.gz upstream-434c8dbf3353a40e931d0db2e35fa2c8b4cbe576.tar.bz2 upstream-434c8dbf3353a40e931d0db2e35fa2c8b4cbe576.zip |
package/hostapd: fix crash in atheros driver (#8143) hapd->driver->set_operstate may happen when the drv_priv data is not initialized yet, this leads to a null pointer deref in the atheros driver. Protect the operstate call with a check for hapd->drv_priv.
SVN-Revision: 23715
Diffstat (limited to 'package/hostapd/patches/460-oper_state_fix.patch')
-rw-r--r-- | package/hostapd/patches/460-oper_state_fix.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/package/hostapd/patches/460-oper_state_fix.patch b/package/hostapd/patches/460-oper_state_fix.patch index 5a685a23ef..8ea0e12360 100644 --- a/package/hostapd/patches/460-oper_state_fix.patch +++ b/package/hostapd/patches/460-oper_state_fix.patch @@ -23,3 +23,25 @@ DORMANT state does not prevent normal operations after that. return 0; } +--- a/src/drivers/driver_wext.c ++++ b/src/drivers/driver_wext.c +@@ -2245,11 +2245,14 @@ int wpa_driver_wext_set_operstate(void * + { + struct wpa_driver_wext_data *drv = priv; + +- wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", +- __func__, drv->operstate, state, state ? "UP" : "DORMANT"); +- drv->operstate = state; +- return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, +- state ? IF_OPER_UP : IF_OPER_DORMANT); ++ if (drv != NULL) ++ { ++ wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", ++ __func__, drv->operstate, state, state ? "UP" : "DORMANT"); ++ drv->operstate = state; ++ return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, ++ state ? IF_OPER_UP : IF_OPER_DORMANT); ++ } + } + + |