summaryrefslogtreecommitdiff
path: root/openwrt
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2006-01-31 21:45:23 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2006-01-31 21:45:23 +0000
commita0d7aadf5ed57e4263b771ce001c5ffebabfac29 (patch)
tree149c81966b3dcad88cfa11353483fb8801f5a25e /openwrt
parent47f025b3060592d883f2b79f72ad3b5b197510d3 (diff)
fix hostapd/madwifi crash (#247)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@3102 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'openwrt')
-rw-r--r--openwrt/package/hostapd/patches/100-wpa_fix.patch58
-rw-r--r--openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch27
2 files changed, 85 insertions, 0 deletions
diff --git a/openwrt/package/hostapd/patches/100-wpa_fix.patch b/openwrt/package/hostapd/patches/100-wpa_fix.patch
new file mode 100644
index 0000000000..502167cbd3
--- /dev/null
+++ b/openwrt/package/hostapd/patches/100-wpa_fix.patch
@@ -0,0 +1,58 @@
+--- hostapd-0.4.7/driver_madwifi.c 2006-01-30 10:00:44.199096000 -0800
++++ hostapd-0.4.7-new/driver_madwifi.c 2006-01-30 10:05:55.925511000 -0800
+@@ -692,6 +692,7 @@
+ struct hostapd_data *hapd = drv->hapd;
+ struct ieee80211req_wpaie ie;
+ int ielen, res;
++ int rsn = 0;
+
+ /*
+ * Fetch negotiated WPA/RSN parameters from the system.
+@@ -702,26 +703,37 @@
+ printf("Failed to get WPA/RSN information element.\n");
+ return -1; /* XXX not right */
+ }
+- ielen = ie.wpa_ie[1];
+- if (ielen == 0) {
++ if ((ie.wpa_ie[1] == 0) && (ie.rsn_ie[1] == 0)){
+ printf("No WPA/RSN information element for station!?\n");
+ return -1; /* XXX not right */
+ }
++ ielen = ie.rsn_ie[1];
+ ielen += 2;
+- res = wpa_validate_wpa_ie(hapd, sta, ie.wpa_ie, ielen,
+- ie.wpa_ie[0] == WLAN_EID_RSN ?
+- HOSTAPD_WPA_VERSION_WPA2 : HOSTAPD_WPA_VERSION_WPA);
+- if (res != WPA_IE_OK) {
+- printf("WPA/RSN information element rejected? (res %u)\n", res);
+- return -1;
+- }
++ res = wpa_validate_wpa_ie(hapd, sta, ie.rsn_ie, ielen,
++ HOSTAPD_WPA_VERSION_WPA2);
++ if (res != WPA_IE_OK){
++ // now look for WPA IE
++ ielen = ie.wpa_ie[1];
++ ielen += 2;
++ res = wpa_validate_wpa_ie(hapd, sta, ie.wpa_ie, ielen,
++ HOSTAPD_WPA_VERSION_WPA);
++ if (res != WPA_IE_OK) {
++ printf("WPA/RSN information element rejected? (res %u)\n", res);
++ return -1;
++ }
++ } else {
++ rsn = 1;
++ }
+ free(sta->wpa_ie);
+ sta->wpa_ie = malloc(ielen);
+ if (sta->wpa_ie == NULL) {
+ printf("No memory to save WPA/RSN information element!\n");
+ return -1;
+ }
+- memcpy(sta->wpa_ie, ie.wpa_ie, ielen);
++ if (rsn)
++ memcpy(sta->wpa_ie, ie.rsn_ie, ielen);
++ else
++ memcpy(sta->wpa_ie, ie.wpa_ie, ielen);
+ sta->wpa_ie_len = ielen;
+ return 0;
+ }
diff --git a/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch b/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch
new file mode 100644
index 0000000000..7a92ccb010
--- /dev/null
+++ b/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch
@@ -0,0 +1,27 @@
+diff -urN madwifi.old/net80211/ieee80211_ioctl.h madwifi.dev/net80211/ieee80211_ioctl.h
+--- madwifi.old/net80211/ieee80211_ioctl.h 2005-12-07 03:53:07.000000000 +0100
++++ madwifi.dev/net80211/ieee80211_ioctl.h 2006-01-31 22:33:21.282491500 +0100
+@@ -277,6 +277,7 @@
+ struct ieee80211req_wpaie {
+ u_int8_t wpa_macaddr[IEEE80211_ADDR_LEN];
+ u_int8_t wpa_ie[IEEE80211_MAX_OPT_IE];
++ u_int8_t rsn_ie[IEEE80211_MAX_OPT_IE];
+ };
+
+ /*
+diff -urN madwifi.old/net80211/ieee80211_wireless.c madwifi.dev/net80211/ieee80211_wireless.c
+--- madwifi.old/net80211/ieee80211_wireless.c 2006-01-23 08:07:51.000000000 +0100
++++ madwifi.dev/net80211/ieee80211_wireless.c 2006-01-31 22:33:21.286491750 +0100
+@@ -3160,6 +3160,12 @@
+ ielen = sizeof(wpaie.wpa_ie);
+ memcpy(wpaie.wpa_ie, ni->ni_wpa_ie, ielen);
+ }
++ if (ni->ni_rsn_ie != NULL) {
++ int ielen = ni->ni_rsn_ie[1] + 2;
++ if (ielen > sizeof(wpaie.rsn_ie))
++ ielen = sizeof(wpaie.rsn_ie);
++ memcpy(wpaie.rsn_ie, ni->ni_rsn_ie, ielen);
++ }
+ ieee80211_free_node(ni);
+ return (copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie)) ?
+ -EFAULT : 0);