Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix a bug with ap_rx_from_unknown_sta() recursion

ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
Witold Sowa 15 years ago
parent
335ce76b1c
commit
3a57305f10
2 changed files with 4 additions and 4 deletions
Split View Show Diff Stats
  1. 2 2
      src/drivers/driver_nl80211.c
  2. 2 2
      wpa_supplicant/ap.c

+ 2 - 2
src/drivers/driver_nl80211.c
View File 

@@ -2588,7 +2588,7 @@ static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
 
 
 void ap_tx_status(void *ctx, const u8 *addr,
 
 		  const u8 *buf, size_t len, int ack);
 
-void ap_rx_from_unknown_sta(void *ctx, const u8 *addr);
 
+void ap_rx_from_unknown_sta(void *ctx, struct ieee80211_hdr *hdr, size_t len);
 
 void ap_mgmt_rx(void *ctx, u8 *buf, size_t len, u16 stype,
 
 		struct hostapd_frame_info *fi);
 
 void ap_mgmt_tx_cb(void *ctx, u8 *buf, size_t len, u16 stype, int ok);
 
@@ -2643,7 +2643,7 @@ static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
 
 #ifdef HOSTAPD
 
 	hostapd_rx_from_unknown_sta(drv->ctx, hdr, len);
 
 #else /* HOSTAPD */
 
-	ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
 
+	ap_rx_from_unknown_sta(drv->ctx, hdr, len);
 
 #endif /* HOSTAPD */
 
 }

+ 2 - 2
wpa_supplicant/ap.c
View File 

@@ -494,10 +494,10 @@ void ap_tx_status(void *ctx, const u8 *addr,
 
 }
 
 
 
-void ap_rx_from_unknown_sta(void *ctx, const u8 *addr)
 
+void ap_rx_from_unknown_sta(void *ctx, struct ieee80211_hdr *hdr, size_t len)
 
 {
 
 	struct wpa_supplicant *wpa_s = ctx;
 
-	ap_rx_from_unknown_sta(wpa_s->ap_iface->bss[0], addr);
 
+	hostapd_rx_from_unknown_sta(wpa_s->ap_iface->bss[0], hdr, len);
 
 }