diff options
author | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2006-01-31 21:45:23 +0000 |
---|---|---|
committer | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2006-01-31 21:45:23 +0000 |
commit | a0d7aadf5ed57e4263b771ce001c5ffebabfac29 (patch) | |
tree | 149c81966b3dcad88cfa11353483fb8801f5a25e /openwrt/target/linux/package/madwifi | |
parent | 47f025b3060592d883f2b79f72ad3b5b197510d3 (diff) |
fix hostapd/madwifi crash (#247)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@3102 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'openwrt/target/linux/package/madwifi')
-rw-r--r-- | openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch b/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch new file mode 100644 index 0000000000..7a92ccb010 --- /dev/null +++ b/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch @@ -0,0 +1,27 @@ +diff -urN madwifi.old/net80211/ieee80211_ioctl.h madwifi.dev/net80211/ieee80211_ioctl.h +--- madwifi.old/net80211/ieee80211_ioctl.h 2005-12-07 03:53:07.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_ioctl.h 2006-01-31 22:33:21.282491500 +0100 +@@ -277,6 +277,7 @@ + struct ieee80211req_wpaie { + u_int8_t wpa_macaddr[IEEE80211_ADDR_LEN]; + u_int8_t wpa_ie[IEEE80211_MAX_OPT_IE]; ++ u_int8_t rsn_ie[IEEE80211_MAX_OPT_IE]; + }; + + /* +diff -urN madwifi.old/net80211/ieee80211_wireless.c madwifi.dev/net80211/ieee80211_wireless.c +--- madwifi.old/net80211/ieee80211_wireless.c 2006-01-23 08:07:51.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_wireless.c 2006-01-31 22:33:21.286491750 +0100 +@@ -3160,6 +3160,12 @@ + ielen = sizeof(wpaie.wpa_ie); + memcpy(wpaie.wpa_ie, ni->ni_wpa_ie, ielen); + } ++ if (ni->ni_rsn_ie != NULL) { ++ int ielen = ni->ni_rsn_ie[1] + 2; ++ if (ielen > sizeof(wpaie.rsn_ie)) ++ ielen = sizeof(wpaie.rsn_ie); ++ memcpy(wpaie.rsn_ie, ni->ni_rsn_ie, ielen); ++ } + ieee80211_free_node(ni); + return (copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie)) ? + -EFAULT : 0); |