lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 May 2007 13:12:02 -0400
From:	"John W. Linville" <linville@...driver.com>
To:	David LAMPARTER <lists@...c24.net>
Cc:	linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Panic in ieee_80211_ibss_add_sta when trying to join ad-hoc network (rt2500pci)

On Tue, May 15, 2007 at 05:28:42PM +0200, David LAMPARTER wrote:

> BUG: unable to handle kernel NULL pointer derference at virtual address 00000218
> [...]
> EIP is at ieee80211_ibss_add_sta+0xae/0x130
> [...]
> EIP: [<c05773fe>] ieee_80211_ibss_add_sta+0xae/0x130 SS:ESP 0068:f641dc38
> Kernel panic - not syncing: Fatal exception in interrupt
> 
> The bug seems to be triggered as soon as the stack tries to
> join my router's ad-hoc; it happen either directly when
> doing "ip l s wlan0 up" as well as when doing
> "iwconfig wlan0 essid equinox" (when it did not immediately
> find the network).

Probably because of this:

	struct ieee80211_sub_if_data *sdata = NULL;
...
	sta->supp_rates = sdata->u.sta.supp_rates_bits;

Patch below...does this work better?  Looks like upstream needs
it too...

John

---
Avoid sdata null pointer dereference in ieee80211_ibss_add_sta.

Signed-off-by: John W. Linville <linville@...driver.com>
---

 net/mac80211/ieee80211_sta.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/net/mac80211/ieee80211_sta.c b/net/mac80211/ieee80211_sta.c
index a36c6f3..dd36cc6 100644
--- a/net/mac80211/ieee80211_sta.c
+++ b/net/mac80211/ieee80211_sta.c
@@ -3154,7 +3154,7 @@ struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
 {
 	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
 	struct sta_info *sta;
-	struct ieee80211_sub_if_data *sdata = NULL;
+	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 
 	/* TODO: Could consider removing the least recently used entry and
 	 * allow new one to be added. */

-- 
John W. Linville
linville@...driver.com
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ