Ticket #946 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

ieee80211_ioctl_create_vap does use copy_to_user for interface name

Reported by: anonymous Assigned to:
Priority: minor Milestone: version 0.9.3
Component: madwifi: 802.11 stack Version: v0.9.2
Keywords: Cc:
Patch is attached: 1 Pending:

Description

The kernel function ieee80211_ioctl_create_vap() is supposed to pass the name of the new VAP back to userspace so that wlanconfig can print the new name. Currently it just does a strncpy into the ifr structure when it should be doing a kernel space to user space copy.

Attachments

ieee80211_wireless.c.diff (0.8 kB) - added by andrew.lunn@ascom.ch on 10/10/06 18:18:24.
Patch to fix the problem

Change History

10/10/06 18:18:24 changed by andrew.lunn@ascom.ch

  • attachment ieee80211_wireless.c.diff added.

Patch to fix the problem

10/10/06 18:46:51 changed by mrenzmann

  • priority changed from major to minor.
  • owner changed.
  • version set to v0.9.2.
  • component changed from madwifi: other to madwifi: 802.11 stack.
  • milestone set to version 0.9.3.

Thanks, please sign the patch off so that it can be committed.

11/22/06 10:08:08 changed by kelmo

@ Andrew, any chance you could find the time to put your name on this patch, and the one from #947 so that they may be applied?

Thanks, Kel.

12/12/06 09:30:30 changed by mrenzmann

Contacted Andrew by e-mail, asking him again to sign his patch off. However, this is no blocker for 0.9.3 - if the patch does not get signed off, we postpone it for inclusion in 0.9.4.

02/06/07 13:39:53 changed by kelmo

  • milestone changed from version 0.9.3 to version 0.9.x - progressive release candidate phase.

postponing it.

02/06/07 13:52:38 changed by andrew.lunn@ascom.ch

Signed-off-by: Andrew Lunn <andrew.lunn@ascom.ch>

02/06/07 14:13:11 changed by mrenzmann

  • milestone changed from version 0.9.x - progressive release candidate phase to version 0.9.3.

Thanks, rescheduled again for inclusion in 0.9.3.

02/06/07 14:31:36 changed by kelmo

  • status changed from new to closed.
  • resolution set to fixed.

Applied to r2078.

02/09/07 00:17:11 changed by tharvey

this fix breaks certain platforms (arm-linux for one) as copy_to_user fails because the ifr struct is _already_ copied to kernel space by dev_ioctl. The patch should be reverted as the original strncpy was correct

02/09/07 00:22:26 changed by mentor

  • status changed from closed to reopened.
  • resolution deleted.

requested by tharvey

02/09/07 00:59:42 changed by mentor

Commited as r2097. Waiting on testing.

@Andrew: Please test this.

02/12/07 06:39:24 changed by mentor

  • status changed from reopened to closed.
  • resolution set to fixed.

Request reopen if necessary.

Add/Change #946 (ieee80211_ioctl_create_vap does use copy_to_user for interface name)