Hi,

I have compiled my kernel with ProPolice and if_iwi happened to trigger the stack smashing protector, which means there has been a buffer overflow in a buffer allocated in the stack.

The buffer overflow occurs in iwi_auth_and_assoc(), and the only buffer in this function is in struct iwi_rateset, which can handle 12 rates; however, according to kgdb, ni->ni_rates.rs_nrates has a value of 13.

I am not confident with the net80211 code, but a quick glance at sys/net80211/_ieee80211.h shows that there may be up to 15 rates. Therefore I bumped up the number of rates in iwi_rateset to 15 and there is no buffer overflow anymore, though I don't know if this is the correct fix.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
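The bug pattern described in the post, as an added illustration that is not code from the message or from the if_iwi driver: a fixed 12-slot rateset on the stack is filled with rs_nrates bytes taken from the node, and rs_nrates can exceed 12. The struct names (rateset_hw, node_rates), the field layout, the sizes 12 and 15 and the sample rate list are assumptions chosen to match the post; the canary byte stands in for what ProPolice places after the buffer. The clamped copy shows the check a reviewer would ask for regardless of whether the array is later widened to 15.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes: driver-side rateset holds 12 rates, net80211 may report
 * up to 15 (the post points at sys/net80211/_ieee80211.h for that bound). */
#define HW_RATESET_SIZE        12
#define NET80211_RATE_MAXSIZE  15
#define CANARY                 0xA5

struct rateset_hw {            /* stand-in for the driver's fixed-size rateset */
    uint8_t mode;
    uint8_t type;
    uint8_t nrates;
    uint8_t rates[HW_RATESET_SIZE];
};

struct node_rates {            /* stand-in for ni->ni_rates */
    uint8_t rs_nrates;
    uint8_t rs_rates[NET80211_RATE_MAXSIZE];
};

/* Constructed sample: 13 rates in 802.11 units of 500 kbit/s (not real
 * driver data), more than the 12 slots the hardware rateset has. */
static const uint8_t sample_rates[NET80211_RATE_MAXSIZE] = {
    2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108, 96, 72, 48
};

/* Fill a node_rates with the first n sample rates (n capped at 15). */
static void make_node_rates(struct node_rates *nr, uint8_t n)
{
    if (n > NET80211_RATE_MAXSIZE)
        n = NET80211_RATE_MAXSIZE;
    memset(nr, 0, sizeof *nr);
    nr->rs_nrates = n;
    memcpy(nr->rs_rates, sample_rates, n);
}

/* Reproduce the unchecked copy in a byte frame: a rateset_hw followed by
 * one canary byte, like the guard the stack protector puts after a buffer.
 * The copy length is taken from rs_nrates, exactly the trusting pattern the
 * post describes. Returns 1 if the canary was overwritten (overflow), 0 if not.
 * The simulation itself stays inside the frame so the test is well defined. */
static int unchecked_copy_clobbers_canary(const struct node_rates *src)
{
    uint8_t frame[sizeof(struct rateset_hw) + 1];
    const size_t rates_off = offsetof(struct rateset_hw, rates);
    size_t n = src->rs_nrates;

    memset(frame, 0, sizeof frame);
    frame[sizeof frame - 1] = CANARY;
    if (n > sizeof frame - rates_off)          /* keep the demo in bounds */
        n = sizeof frame - rates_off;
    memcpy(frame + rates_off, src->rs_rates, n);
    return frame[sizeof frame - 1] != CANARY;
}

/* Hardened copy: clamp the length to the destination's capacity and tell the
 * caller when rates were dropped. Returns 1 if truncated, 0 otherwise. */
static int rateset_copy_clamped(struct rateset_hw *dst, const struct node_rates *src)
{
    uint8_t n = src->rs_nrates;
    int truncated = 0;

    if (n > HW_RATESET_SIZE) {
        n = HW_RATESET_SIZE;
        truncated = 1;
    }
    memset(dst, 0, sizeof *dst);
    dst->nrates = n;
    memcpy(dst->rates, src->rs_rates, n);
    return truncated;
}

int main(void)
{
    struct node_rates nr;
    struct rateset_hw hw;

    make_node_rates(&nr, 13);
    printf("13 rates, unchecked copy overflows: %d\n",
           unchecked_copy_clobbers_canary(&nr));
    printf("13 rates, clamped copy truncated: %d (kept %u)\n",
           rateset_copy_clamped(&hw, &nr), hw.nrates);
    make_node_rates(&nr, 12);
    printf("12 rates, unchecked copy overflows: %d\n",
           unchecked_copy_clobbers_canary(&nr));
    return 0;
}
```

Widening the array to 15 removes the overflow for the values net80211 can produce today; clamping (or rejecting) on rs_nrates keeps the copy correct even if the two bounds drift apart again.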
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:01 UTC