Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 14 Apr 2022 13:48:47 GMT
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 6def5bc64cb9 - stable/12 - wpa: Correctly call pcap_next_ex()
Message-ID:  <202204141348.23EDml8j067154@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=6def5bc64cb9b97b4978b5fa6fa8d9ba36deddd8

commit 6def5bc64cb9b97b4978b5fa6fa8d9ba36deddd8
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-04-14 01:45:49 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-04-14 13:48:39 +0000

    wpa: Correctly call pcap_next_ex()
    
    The second argument to pcap_next_ex() is a pointer to a pointer.
    Not a pointer. This fixes a wpa_supplicent SIGSEGV.
    
    PR:             263266
    Reported by:    Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
    Fixes:          6e5d01124fd4dd57899ddd9260c76dbb43543aa7
    
    (cherry picked from commit 1e0ca65a3bb5798a80eccaae58d863f1f08b9ae8)
---
 contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index da742f432120..0461758ff210 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -77,7 +77,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 {
 	struct l2_packet_data *l2 = eloop_ctx;
 	pcap_t *pcap = sock_ctx;
-	struct pcap_pkthdr hdr;
+	struct pcap_pkthdr *hdr;
 	const u_char *packet;
 	struct l2_ethhdr *ethhdr;
 	unsigned char *buf;
@@ -88,16 +88,16 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 		eloop_terminate();
 	}
 
-	if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
+	if (!l2->rx_callback || !packet || hdr->caplen < sizeof(*ethhdr))
 		return;
 
 	ethhdr = (struct l2_ethhdr *) packet;
 	if (l2->l2_hdr) {
 		buf = (unsigned char *) ethhdr;
-		len = hdr.caplen;
+		len = hdr->caplen;
 	} else {
 		buf = (unsigned char *) (ethhdr + 1);
-		len = hdr.caplen - sizeof(*ethhdr);
+		len = hdr->caplen - sizeof(*ethhdr);
 	}
 	l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
 }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204141348.23EDml8j067154>