Re: wpa_supplicant segfaults with ath

From: Hanns Hartman <rowinggoon_at_hotmail.com>
Date: Tue, 30 Aug 2005 06:10:00 -0700
That worked perfectly, thanks.  No more errors.  I also wanted to know if there 
is an easy bit of script I can implement in order to have wpa_supplicant 
load at boot up.
Thanks
Hanns


>From: Sam Leffler <sam_at_errno.com>
>To: Pascal Hofstee <caelian_at_gmail.com>
>CC: freebsd-current_at_freebsd.org, Hanns Hartman <rowinggoon_at_hotmail.com>
>Subject: Re: wpa_supplicant segfaults with ath
>Date: Mon, 29 Aug 2005 10:26:58 -0700
>
>Pascal Hofstee wrote:
>>On Sun, 2005-08-28 at 23:12 -0700, Hanns Hartman wrote:
>>
>>>Hi,
>>>   This is my first time posting to the list, so if you need more 
>>>information let me know. Also, since I have no internet on my FreeBSD box, 
>>>it is difficult to get all of the verbose output. So here goes.
>>>
>>>I am using FreeBSD 6.0-BETA2 on an amd64. I am using the src tree from 
>>>August 21.
>>>
>>>I am trying to associate with a 2Wire gateway that was supplied by SBC 
>>>for my DSL.  I have set the gateway up with WPA-PSK encryption.
>>>I am able to connect perfectly fine to this gateway with my IBM T42, but 
>>>when I try to associate with the gateway using wpa_supplicant I get a 
>>>segmentation fault after the program reaches "wpa: sending eapol-key 4/4"; 
>>>specifically, it faults right after displaying "wpa: rsc - 
>>>hexdump(len=6): 00 00 00 00 00 00" while using option -d for output.
>>>
>>>When running the supplicant in gdb I get: Program received signal SIGSEGV, 
>>>Segmentation fault.  0x000000080082d4d0 in strlen () from /lib/libc.so.6
>>>
>>>If there is anything else needed that might help to explain the problem, 
>>>let me know.  I apologize for not having more output to post at this 
>>>time.
>>>Thanks for the help
>>>Hanns
>>
>>
>>Thank you for posting this ... as it reminded me I should probably file
>>a bug report on this. I recently tried to do some investigative work of
>>my own hoping to find out why my if_ral interface kept acting up when I
>>bumped into the exact same problem myself.
>>
>>I can tell you why the segfault happens .. though I am not entirely sure
>>how it should be fixed properly.
>>
>>The problem you're experiencing is caused by the ether_ntoa(addr) call
>>in /usr/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c:280
>>
>>ether_ntoa expects a "const struct ether_addr" as its parameter, whereas
>>in the code the parameter passed is a "const unsigned char*". Furthermore,
>>in that same printf statement seq_len and key_len are being
>>displayed using "%d" where this should be "%zu" since these are
>>size_t's. The size_t construct happens a few more times in the code if I
>>recall correctly.
>>
>>The actual crash you're experiencing though is caused by the faulty
>>ether_ntoa argument.
>>
>>If somebody more knowledgeable on this particular subject could have a
>>closer look at what was actually intended here that would be
>>appreciated.
>>
>>
>
>A stack trace at the time of the segfault would be useful.  The type 
>mismatches should not be an issue unless there are alignment problems. 
>Please try the attached change which should correct any alignment issues.
>
>	Sam


>Index: driver_freebsd.c
>===================================================================
>RCS file: /usr/ncvs/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c,v
>retrieving revision 1.7
>diff -u -r1.7 driver_freebsd.c
>--- driver_freebsd.c	13 Aug 2005 04:23:33 -0000	1.7
>+++ driver_freebsd.c	29 Aug 2005 17:24:14 -0000
>_at__at_ -30,6 +30,7 _at__at_
>
>  #include <sys/socket.h>
>  #include <net/if.h>
>+#include <net/ethernet.h>
>
>  #include <net80211/ieee80211.h>
>  #include <net80211/ieee80211_crypto.h>
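Review bot: the new `#include <net/ethernet.h>` should be checked against what the build saw before it: if no other header supplied a prototype for `ether_ntoa()`, the call at line 280 was implicitly declared as returning `int`, and on amd64 that truncates the returned `char *` to 32 bits before `wpa_printf` hands it to `%s`, which would fault inside `strlen()` exactly as the gdb output above shows. Rebuilding the original revision with `-Wimplicit-function-declaration` would confirm whether that, rather than alignment, is the actual cause.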
>_at__at_ -231,8 +232,11 _at__at_
>  	memset(&wk, 0, sizeof(wk));
>  	if (addr != NULL &&
>  	    bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) != 0) {
>+		struct ether_addr ea;
>+
>+		memcpy(&ea, addr, IEEE80211_ADDR_LEN);
>  		wpa_printf(MSG_DEBUG, "%s: addr=%s keyidx=%d",
>-			__func__, ether_ntoa(addr), key_idx);
>+			__func__, ether_ntoa(&ea), key_idx);
>  		memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
>  		wk.idk_keyix = (uint8_t) IEEE80211_KEYIX_NONE;
>  	} else {
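Review bot: the `memcpy(&ea, addr, IEEE80211_ADDR_LEN)` relies on `sizeof(struct ether_addr)` being exactly `IEEE80211_ADDR_LEN`; a compile-time `sizeof(ea) == IEEE80211_ADDR_LEN` check would document that assumption. Also note that `ether_ntoa()` returns a pointer into a static buffer, so its result must be consumed within the single `wpa_printf` call, as it is here, and never held across a second call.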
>_at__at_ -250,6 +254,7 _at__at_
>  {
>  	struct wpa_driver_bsd_data *drv = priv;
>  	struct ieee80211req_key wk;
>+	struct ether_addr ea;
>  	char *alg_name;
>  	u_int8_t cipher;
>
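Review bot: `ea` is declared at function scope here but only used for the debug message later in the function; moving it into the block where the `memcpy` fills it, as the first hunk does, would keep the two hunks consistent and keep the temporary out of the way of the rest of the function.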
>_at__at_ -275,18 +280,19 _at__at_
>  		return -1;
>  	}
>
>+	memcpy(&ea, addr, IEEE80211_ADDR_LEN);
>  	wpa_printf(MSG_DEBUG,
>-		"%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%d key_len=%d",
>-		__func__, alg_name, ether_ntoa(addr), key_idx, set_tx,
>+		"%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%zu key_len=%zu",
>+		__func__, alg_name, ether_ntoa(&ea), key_idx, set_tx,
>  		seq_len, key_len);
>
>  	if (seq_len > sizeof(u_int64_t)) {
>-		wpa_printf(MSG_DEBUG, "%s: seq_len %d too big",
>+		wpa_printf(MSG_DEBUG, "%s: seq_len %zu too big",
>  			__func__, seq_len);
>  		return -2;
>  	}
>  	if (key_len > sizeof(wk.ik_keydata)) {
>-		wpa_printf(MSG_DEBUG, "%s: key length %d too big",
>+		wpa_printf(MSG_DEBUG, "%s: key length %zu too big",
>  			__func__, key_len);
>  		return -3;
>  	}
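Review bot: the `memcpy(&ea, addr, IEEE80211_ADDR_LEN)` here is unconditional, whereas the earlier hunk guards the same copy with `addr != NULL`; confirm that `addr` cannot be NULL on this path or add the same guard before copying. The `%d` to `%zu` changes are correct and not cosmetic: `seq_len` and `key_len` are `size_t`, and reading them with `%d` is undefined behaviour that on LP64 platforms such as amd64 typically shows only the low 32 bits of each value in the debug output.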


Received on Tue Aug 30 2005 - 11:10:00 UTC
