Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Ticket #1506 (closed defect: fixed)

Opened 12 years ago

Last modified 11 years ago

NULL pointer reference with iwspy

Reported by: hrogge@gmx.net Assigned to:
Priority: minor Milestone: version 0.9.5
Component: madwifi: 802.11 stack Version:
Keywords: Cc:
Patch is attached: 0 Pending:

Description

ieee80211_ioctl_getspy in net80211/ieee80211_wireless.c crashs with a nullpointer exception if iwspy tries to read the statistics of a node that does not exist (because no package was received).

Reproduction:

  • iwspy <interface> + <mac address that does not exist in your network>
  • iwspy <interface>

Suggestion for a patch is added as an attachment.

Attachments

ieee_80211_wireless.c.patch (0.5 kB) - added by hrogge@gmx.net on 08/13/07 16:42:23.
Patch for the nullpointer reference problem

Change History

08/13/07 16:42:23 changed by hrogge@gmx.net

  • attachment ieee_80211_wireless.c.patch added.

Patch for the nullpointer reference problem

08/13/07 22:25:20 changed by mentor

  • milestone set to version 0.9.4.

r2652. I didn't use your patch but thanks.

08/13/07 22:26:08 changed by mentor

  • status changed from new to closed.
  • component changed from madwifi: other to madwifi: 802.11 stack.
  • resolution set to fixed.

08/14/07 07:53:27 changed by hrogge@gmx.net

what's about the case if you get a node from ieee80211_find_node() but (ni->ni_vap == vap) is not true ? In this case your code would still have a memory leak, right ?

Maybe splitting the

if (ni && (ni->ni_vap == vap)) {

line into two if statements would be better ?

 if (ni) {
   if (ni->ni_vap == vap) {
     ...
   } else {
     ...
   }
   ieee80211_unref_node(&ni);
 }

What do you think ?

02/11/08 06:22:46 changed by mrenzmann

  • milestone changed from version 0.9.4 to version 0.9.5.