diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2014-08-12 11:14:11 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2014-08-12 11:14:11 +0000 |
commit | eb02b887ff2e71b28c47205f2c4070e9139bc2a0 (patch) | |
tree | a519ee0446a42522ebbcc913aff13c0038f2de30 /package/network/utils/iwinfo/src/iwinfo_lua.c | |
parent | 24696a06ad504807a0e5207c46ca488c5f70e02d (diff) | |
download | mtk-20170518-eb02b887ff2e71b28c47205f2c4070e9139bc2a0.zip mtk-20170518-eb02b887ff2e71b28c47205f2c4070e9139bc2a0.tar.gz mtk-20170518-eb02b887ff2e71b28c47205f2c4070e9139bc2a0.tar.bz2 |
package: fix segfault of iwinfo.scanlist("radio0").
This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
Diffstat (limited to 'package/network/utils/iwinfo/src/iwinfo_lua.c')
-rw-r--r-- | package/network/utils/iwinfo/src/iwinfo_lua.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/network/utils/iwinfo/src/iwinfo_lua.c b/package/network/utils/iwinfo/src/iwinfo_lua.c index 9b7d655..cdb90d5 100644 --- a/package/network/utils/iwinfo/src/iwinfo_lua.c +++ b/package/network/utils/iwinfo/src/iwinfo_lua.c @@ -362,7 +362,7 @@ static int iwinfo_L_txpwrlist(lua_State *L, int (*func)(const char *, char *, in /* Wrapper for scan list */ static int iwinfo_L_scanlist(lua_State *L, int (*func)(const char *, char *, int *)) { - int i, x, len; + int i, x, len = 0; char rv[IWINFO_BUFSIZE]; char macstr[18]; const char *ifname = luaL_checkstring(L, 1); |