package/hostapd: fix crash in atheros driver (#8143)
authorjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Fri, 29 Oct 2010 21:25:39 +0000 (21:25 +0000)
committerjow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Fri, 29 Oct 2010 21:25:39 +0000 (21:25 +0000)
hapd->driver->set_operstate may happen when the drv_priv data is not initialized yet,
this leads to a null pointer deref in the atheros driver. Protect the operstate call with a
check for hapd->drv_priv.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23715 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/hostapd/patches/460-oper_state_fix.patch

index 5a685a2..8ea0e12 100644 (file)
@@ -23,3 +23,25 @@ DORMANT state does not prevent normal operations after that.
        return 0;
  }
  
+--- a/src/drivers/driver_wext.c
++++ b/src/drivers/driver_wext.c
+@@ -2245,11 +2245,14 @@ int wpa_driver_wext_set_operstate(void *
+ {
+       struct wpa_driver_wext_data *drv = priv;
+-      wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
+-                 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
+-      drv->operstate = state;
+-      return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
+-                                    state ? IF_OPER_UP : IF_OPER_DORMANT);
++      if (drv != NULL)
++      {
++              wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
++                         __func__, drv->operstate, state, state ? "UP" : "DORMANT");
++              drv->operstate = state;
++              return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
++                                            state ? IF_OPER_UP : IF_OPER_DORMANT);
++      }
+ }
This page took 0.030941 seconds and 4 git commands to generate.