Re: wpa_supplicant segfaults with ath

From: Brooks Davis <brooks@one-eyed-alien.net>
Date: Tue, 30 Aug 2005 10:13:29 -0700
On Tue, Aug 30, 2005 at 06:10:00AM -0700, Hanns Hartman wrote:
> That works perfectly, thanks.  No more errors.  I also wanted to know if 
> there is an easy bit of script I can implement in order to have the 
> wpa_supplicant load at boot up.

As per rc.conf(5), add WPA to your ifconfig_<ifn> entry in /etc/rc.conf.

-- Brooks

> >From: Sam Leffler <sam@errno.com>
> >To: Pascal Hofstee <caelian@gmail.com>
> >CC: freebsd-current@freebsd.org, Hanns Hartman <rowinggoon@hotmail.com>
> >Subject: Re: wpa_supplicant segfaults with ath
> >Date: Mon, 29 Aug 2005 10:26:58 -0700
> >
> >Pascal Hofstee wrote:
> >>On Sun, 2005-08-28 at 23:12 -0700, Hanns Hartman wrote:
> >>
> >>>Hi,
> >>>  This is my first time posting to the list, so if you need more 
> >>>information let me know. Also, since I have no internet on my freebsd box 
> >>>it is difficult to get all of the verbose output. So here goes.
> >>>
> >>>I am using freebsd6.0beta2 on an amd64. I am using the src tree from 
> >>>august 21.
> >>>
> >>>I am trying to associate with a 2wire gateway that was supplied by sbc 
> >>>for my dsl.  I have set the gateway up with wpa-psk encryption.
> >>>I am able to connect perfectly fine to this gateway with my ibm t42, but 
> >>>when I try to associate with the gateway using wpa_supplicant I get a 
> >>>segmentation fault after the program reaches "wpa: sending eapol-key 
> >>>4/4". Specifically, it faults right after displaying "wpa: rsc - 
> >>>hexdump(len=6): 00 00 00 00 00 00" while using option -d for output.
> >>>
> >>>when running the supplicant in gdb I get program received SIGSEGV, 
> >>>segmentation fault.  0x000000080082d4d0 in strlen () from /lib/libc.so.6
> >>>
> >>>If there is anything else needed that might help to explain the problem, 
> >>>let me know.  I apologize for not having more output to post at this 
> >>>time.
> >>>thanks for the help
> >>>Hanns
> >>
> >>
> >>Thank you for posting this ... as it reminded me I should probably file
> >>a bug report on this. I recently tried to do some investigative work of
> >>my own hoping to find out why my if_ral interface kept acting up when I
> >>bumped into the exact same problem myself.
> >>
> >>I can tell you why the segfault happens .. though I am not entirely sure
> >>how it should be fixed properly.
> >>
> >>The problem you're experiencing is caused by the ether_ntoa(addr) call
> >>in /usr/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c:280
> >>
> >>ether_ntoa expects a "const struct ether_addr" as its parameter, whereas
> >>in the code the parameter passed is a "const unsigned char*". Furthermore,
> >>in that same printf statement seq_len and key_len are being
> >>displayed using "%d" where this should be "%zu" since these are
> >>size_t's. The size_t construct happens a few more times in the code if I
> >>recall correctly.
> >>
> >>The actual crash you're experiencing though is caused by the faulty
> >>ether_ntoa argument.
> >>
> >>If somebody more knowledgeable on this particular subject could have a
> >>closer look at what was actually intended here, that would be
> >>appreciated.
> >>
> >
> >A stack trace at the time of the segfault would be useful.  The type 
> >mismatches should not be an issue unless there are alignment problems. 
> >Please try the attached change which should correct any alignment issues.
> >
> >	Sam
> 
> 
> >Index: driver_freebsd.c
> >===================================================================
> >RCS file: /usr/ncvs/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c,v
> >retrieving revision 1.7
> >diff -u -r1.7 driver_freebsd.c
> >--- driver_freebsd.c	13 Aug 2005 04:23:33 -0000	1.7
> >+++ driver_freebsd.c	29 Aug 2005 17:24:14 -0000
> >_at__at_ -30,6 +30,7 _at__at_
> >
> > #include <sys/socket.h>
> > #include <net/if.h>
> >+#include <net/ethernet.h>
> >
> > #include <net80211/ieee80211.h>
> > #include <net80211/ieee80211_crypto.h>
> >_at__at_ -231,8 +232,11 _at__at_
> > 	memset(&wk, 0, sizeof(wk));
> > 	if (addr != NULL &&
> > 	    bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) != 0) 
> > 	    {
> >+		struct ether_addr ea;
> >+
> >+		memcpy(&ea, addr, IEEE80211_ADDR_LEN);
> > 		wpa_printf(MSG_DEBUG, "%s: addr=%s keyidx=%d",
> >-			__func__, ether_ntoa(addr), key_idx);
> >+			__func__, ether_ntoa(&ea), key_idx);
> > 		memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
> > 		wk.idk_keyix = (uint8_t) IEEE80211_KEYIX_NONE;
> > 	} else {
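Review bot: the memcpy into the new local `ea` uses IEEE80211_ADDR_LEN while `ea` is sized by `struct ether_addr`; the two are both 6 today, but tying them together would make the copy self-checking, e.g. `memcpy(&ea, addr, sizeof(ea));` together with a compile-time assertion that `sizeof(ea) == IEEE80211_ADDR_LEN`. Note also that ether_ntoa() returns a pointer to a static buffer, so the result must be consumed by this wpa_printf() before any other call to it, which the hunk does.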
> >_at__at_ -250,6 +254,7 _at__at_
> > {
> > 	struct wpa_driver_bsd_data *drv = priv;
> > 	struct ieee80211req_key wk;
> >+	struct ether_addr ea;
> > 	char *alg_name;
> > 	u_int8_t cipher;
> >
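Review bot: minor consistency point: in the previous hunk `ea` is declared in the innermost block that uses it, whereas here it is declared at function scope. Either is fine, but picking one style for both sites keeps the file uniform; function scope is needed here only if `ea` is used outside the block containing the new memcpy.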
> >_at__at_ -275,18 +280,19 _at__at_
> > 		return -1;
> > 	}
> >
> >+	memcpy(&ea, addr, IEEE80211_ADDR_LEN);
> > 	wpa_printf(MSG_DEBUG,
> >-		"%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%d 
> >key_len=%d",
> >-		__func__, alg_name, ether_ntoa(addr), key_idx, set_tx,
> >+		"%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%zu 
> >key_len=%zu",
> >+		__func__, alg_name, ether_ntoa(&ea), key_idx, set_tx,
> > 		seq_len, key_len);
> >
> > 	if (seq_len > sizeof(u_int64_t)) {
> >-		wpa_printf(MSG_DEBUG, "%s: seq_len %d too big",
> >+		wpa_printf(MSG_DEBUG, "%s: seq_len %zu too big",
> > 			__func__, seq_len);
> > 		return -2;
> > 	}
> > 	if (key_len > sizeof(wk.ik_keydata)) {
> >-		wpa_printf(MSG_DEBUG, "%s: key length %d too big",
> >+		wpa_printf(MSG_DEBUG, "%s: key length %zu too big",
> > 			__func__, key_len);
> > 		return -3;
> > 	}
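Review bot: the new `memcpy(&ea, addr, IEEE80211_ADDR_LEN)` dereferences `addr` unconditionally, whereas the function in the second hunk explicitly handles `addr == NULL` before using it; if a NULL `addr` can reach this point (for example for a group key), the copy faults before the debug message is printed, so either guard it the same way or document why `addr` is non-NULL here. The `%d` to `%zu` changes for `seq_len` and `key_len` are correct given that both are `size_t`. Separately, the mail client has wrapped the two long format-string lines (`seq_len=%d` / `key_len=%d` and their `%zu` replacements) onto a second line, so the hunk as quoted will not apply cleanly; rejoin those lines before applying.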
> 
> 
> >_______________________________________________
> >freebsd-current_at_freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-current
> >To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> 
> 
-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

Received on Tue Aug 30 2005 - 15:13:32 UTC
