projects / 15.05 / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4cbb181) | patch
package: fix segfault of iwinfo.scanlist("radio0").
authorJo-Philipp Wich <jow@openwrt.org>
Tue, 12 Aug 2014 11:14:11 +0000 (11:14 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Tue, 12 Aug 2014 11:14:11 +0000 (11:14 +0000)
commit5447ad5ac702ebc15651db8c8dda96cb542531cb
tree2356e11b102cfd883a8ef5fd755b85c1d823b1e6tree | snapshot
parent4cbb181a87b6a8342f8ba5cc1ba844dfe6eac08ecommit | diff
package: fix segfault of iwinfo.scanlist("radio0").

This is a bug revealed in r41830.

First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like.  This will
happen in the following call stack.

 nl80211_get_scanlist("radio0", buf, len);
   nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
   nl80211_get_scanlist(nif, buf, len); // tail call
     nl80211_get_mode(nif);
        nl80211_phy2ifname(nif); // zero out nif

Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.

Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42151 3c298f89-4303-0410-b956-a3cf2f4a3e73
package/network/utils/iwinfo/src/iwinfo_lua.c diff | blob | history
package/network/utils/iwinfo/src/iwinfo_nl80211.c diff | blob | history
OpenWrt 15.05 release branch