From 752413e7f0ff73c22b2c828ffa9767be7e8f2df1 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 31 Jan 2006 21:45:23 +0000 Subject: [PATCH] fix hostapd/madwifi crash (#247) SVN-Revision: 3102 --- .../package/hostapd/patches/100-wpa_fix.patch | 58 +++++++++++++++++++ .../madwifi/patches/103-wpa_crash.patch | 27 +++++++++ 2 files changed, 85 insertions(+) create mode 100644 openwrt/package/hostapd/patches/100-wpa_fix.patch create mode 100644 openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch diff --git a/openwrt/package/hostapd/patches/100-wpa_fix.patch b/openwrt/package/hostapd/patches/100-wpa_fix.patch new file mode 100644 index 0000000000..502167cbd3 --- /dev/null +++ b/openwrt/package/hostapd/patches/100-wpa_fix.patch @@ -0,0 +1,58 @@ +--- hostapd-0.4.7/driver_madwifi.c 2006-01-30 10:00:44.199096000 -0800 ++++ hostapd-0.4.7-new/driver_madwifi.c 2006-01-30 10:05:55.925511000 -0800 +@@ -692,6 +692,7 @@ + struct hostapd_data *hapd = drv->hapd; + struct ieee80211req_wpaie ie; + int ielen, res; ++ int rsn = 0; + + /* + * Fetch negotiated WPA/RSN parameters from the system. +@@ -702,26 +703,37 @@ + printf("Failed to get WPA/RSN information element.\n"); + return -1; /* XXX not right */ + } +- ielen = ie.wpa_ie[1]; +- if (ielen == 0) { ++ if ((ie.wpa_ie[1] == 0) && (ie.rsn_ie[1] == 0)){ + printf("No WPA/RSN information element for station!?\n"); + return -1; /* XXX not right */ + } ++ ielen = ie.rsn_ie[1]; + ielen += 2; +- res = wpa_validate_wpa_ie(hapd, sta, ie.wpa_ie, ielen, +- ie.wpa_ie[0] == WLAN_EID_RSN ? +- HOSTAPD_WPA_VERSION_WPA2 : HOSTAPD_WPA_VERSION_WPA); +- if (res != WPA_IE_OK) { +- printf("WPA/RSN information element rejected? (res %u)\n", res); +- return -1; +- } ++ res = wpa_validate_wpa_ie(hapd, sta, ie.rsn_ie, ielen, ++ HOSTAPD_WPA_VERSION_WPA2); ++ if (res != WPA_IE_OK){ ++ // now look for WPA IE ++ ielen = ie.wpa_ie[1]; ++ ielen += 2; ++ res = wpa_validate_wpa_ie(hapd, sta, ie.wpa_ie, ielen, ++ HOSTAPD_WPA_VERSION_WPA); ++ if (res != WPA_IE_OK) { ++ printf("WPA/RSN information element rejected? (res %u)\n", res); ++ return -1; ++ } ++ } else { ++ rsn = 1; ++ } + free(sta->wpa_ie); + sta->wpa_ie = malloc(ielen); + if (sta->wpa_ie == NULL) { + printf("No memory to save WPA/RSN information element!\n"); + return -1; + } +- memcpy(sta->wpa_ie, ie.wpa_ie, ielen); ++ if (rsn) ++ memcpy(sta->wpa_ie, ie.rsn_ie, ielen); ++ else ++ memcpy(sta->wpa_ie, ie.wpa_ie, ielen); + sta->wpa_ie_len = ielen; + return 0; + } diff --git a/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch b/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch new file mode 100644 index 0000000000..7a92ccb010 --- /dev/null +++ b/openwrt/target/linux/package/madwifi/patches/103-wpa_crash.patch @@ -0,0 +1,27 @@ +diff -urN madwifi.old/net80211/ieee80211_ioctl.h madwifi.dev/net80211/ieee80211_ioctl.h +--- madwifi.old/net80211/ieee80211_ioctl.h 2005-12-07 03:53:07.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_ioctl.h 2006-01-31 22:33:21.282491500 +0100 +@@ -277,6 +277,7 @@ + struct ieee80211req_wpaie { + u_int8_t wpa_macaddr[IEEE80211_ADDR_LEN]; + u_int8_t wpa_ie[IEEE80211_MAX_OPT_IE]; ++ u_int8_t rsn_ie[IEEE80211_MAX_OPT_IE]; + }; + + /* +diff -urN madwifi.old/net80211/ieee80211_wireless.c madwifi.dev/net80211/ieee80211_wireless.c +--- madwifi.old/net80211/ieee80211_wireless.c 2006-01-23 08:07:51.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_wireless.c 2006-01-31 22:33:21.286491750 +0100 +@@ -3160,6 +3160,12 @@ + ielen = sizeof(wpaie.wpa_ie); + memcpy(wpaie.wpa_ie, ni->ni_wpa_ie, ielen); + } ++ if (ni->ni_rsn_ie != NULL) { ++ int ielen = ni->ni_rsn_ie[1] + 2; ++ if (ielen > sizeof(wpaie.rsn_ie)) ++ ielen = sizeof(wpaie.rsn_ie); ++ memcpy(wpaie.rsn_ie, ni->ni_rsn_ie, ielen); ++ } + ieee80211_free_node(ni); + return (copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie)) ? + -EFAULT : 0);