| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 02 Jun 2008 09:47:07 +0200
From: Johannes Berg <johannes@...solutions.net>
To: Michael Buesch <mb@...sch.de>
Cc: Pavel Roskin <proski@....org>,
Stefanik Gábor <netrolller.3d@...il.com>,
linux-wireless <linux-wireless@...r.kernel.org>,
"bcm43xx-dev@...ts.berlios.de" <bcm43xx-dev@...ts.berlios.de>,
linux-kernel@...r.kernel.org
Subject: Re: Wireless-testing's b43 panics in b43_generate_txhdr on packet
transmit
On Sat, 2008-05-31 at 19:54 +0200, Michael Buesch wrote:
> On Saturday 31 May 2008 18:50:36 Pavel Roskin wrote:
> > On Sat, 2008-05-31 at 18:41 +0200, Michael Buesch wrote:
> > > On Saturday 31 May 2008 18:34:29 Stefanik Gábor wrote:
> > > > "BUG: unable to handle kernel NULL pointer dereference at 00000004
> > > > IP: [<f8dd3a99>] :b43:b43_generate_txhdr+0x6a9/0x790
> > >
> > > So can you put a few printks into the function to see where it dereferences
> > > a NULL pointer? (or use gdb to lookup the offset).
> >
> > u8 key_idx = info->control.hw_key->hw_key_idx;
> >
> > info->control.hw_key is NULL.
>
> Is a NULL pointer supposed to tell "do not encrypt", or is this a mac80211 bug?
It looks like a mac80211 bug, but I can't see how we get there.
If you look at mac80211's tx.c, you'll see, in
ieee80211_tx_h_select_key:
if (!tx->key || !(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
info->flags |= IEEE80211_TX_CTL_DO_NOT_ENCRYPT;
Hence, I haven't got a clue how you can possibly get into the situation
we have here, even with packet injection. Unless it's a different
version of mac80211 or something.
johannes
Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)
Powered by blists - more mailing lists