Date: Thu, 14 Apr 2022 13:48:47 GMT From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 6def5bc64cb9 - stable/12 - wpa: Correctly call pcap_next_ex() Message-ID: <202204141348.23EDml8j067154@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=6def5bc64cb9b97b4978b5fa6fa8d9ba36deddd8 commit 6def5bc64cb9b97b4978b5fa6fa8d9ba36deddd8 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-04-14 01:45:49 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-04-14 13:48:39 +0000 wpa: Correctly call pcap_next_ex() The second argument to pcap_next_ex() is a pointer to a pointer. Not a pointer. This fixes a wpa_supplicent SIGSEGV. PR: 263266 Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> Fixes: 6e5d01124fd4dd57899ddd9260c76dbb43543aa7 (cherry picked from commit 1e0ca65a3bb5798a80eccaae58d863f1f08b9ae8) --- contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c index da742f432120..0461758ff210 100644 --- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c +++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c @@ -77,7 +77,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) { struct l2_packet_data *l2 = eloop_ctx; pcap_t *pcap = sock_ctx; - struct pcap_pkthdr hdr; + struct pcap_pkthdr *hdr; const u_char *packet; struct l2_ethhdr *ethhdr; unsigned char *buf; @@ -88,16 +88,16 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) eloop_terminate(); } - if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr)) + if (!l2->rx_callback || !packet || hdr->caplen < sizeof(*ethhdr)) return; ethhdr = (struct l2_ethhdr *) packet; if (l2->l2_hdr) { buf = (unsigned char *) ethhdr; - len = hdr.caplen; + len = hdr->caplen; } else { buf = (unsigned char *) (ethhdr + 1); - len = hdr.caplen - sizeof(*ethhdr); + len = hdr->caplen - sizeof(*ethhdr); } l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204141348.23EDml8j067154>