[patch] fix oops in wext autojoin

Discussion:

[patch] fix oops in wext autojoin

richard

2007-01-04 11:21:38 UTC

if the wireless extension interface is passed a null string for the ssid
in siwessid, autojoin tries to trim the trailing null and can oops.

I've never been able to trap the oops stack trace so I don't know
exactly where the problem occurs, but this patch fixes it .

Cheers
Richard

Index: src/p80211/p80211wext.c
===================================================================
--- src/p80211/p80211wext.c (revision 1805)
+++ src/p80211/p80211wext.c (working copy)
@@ -183,7 +183,7 @@

/* Trim the last '\0' to fit the SSID format */

- if (ssid[data.length-1] == '\0') {
+ if (data.length && ssid[data.length-1] == '\0') {
data.length = data.length - 1;
}

Solomon Peachy

2007-01-04 14:03:48 UTC

Post by richard
if the wireless extension interface is passed a null string for the ssid
in siwessid, autojoin tries to trim the trailing null and can oops.

Applied, thanks.

Post by richard
I've never been able to trap the oops stack trace so I don't know
exactly where the problem occurs, but this patch fixes it .

data.length becomes MAX(uint8), which probably results in a buffer
overflow deeper in the stack as the general assumption is that bounds
checks happen at the edges.

- Solomon

--
Solomon Peachy ***@linux-wlan.com
AbsoluteValue Systems http://www.linux-wlan.com
721-D North Drive +1 (321) 259-0737 (office)
Melbourne, FL 32934 +1 (321) 259-0286 (fax)

1 Reply
1 View
Permalink to this page
Disable enhanced parsing

Thread Navigation

richard 2007-01-04 11:21:38 UTC

Solomon Peachy 2007-01-04 14:03:48 UTC

about - legalese

Loading...