From: "Hanns Hartman"
To: sam@errno.com, caelian@gmail.com
Cc: freebsd-current@freebsd.org
Date: Tue, 30 Aug 2005 06:10:00 -0700
In-Reply-To: <43134562.7040009@errno.com>
Subject: Re: wpa_supplicant segfaults with ath

That works perfectly, thanks. No more errors. I also wanted to know if there is an easy bit of script I can implement in order to have the wpa_supplicant load at boot up.

thanks
Hanns

>From: Sam Leffler
>To: Pascal Hofstee
>CC: freebsd-current@freebsd.org, Hanns Hartman
>Subject: Re: wpa_supplicant segfaults with ath
>Date: Mon, 29 Aug 2005 10:26:58 -0700
>
>Pascal Hofstee wrote:
>>On Sun, 2005-08-28 at 23:12 -0700, Hanns Hartman wrote:
>>
>>>Hi,
>>> This is my first time posting to the list so if you need more
>>>information let me know. also since I have no internet on my freebsd box
>>>it is difficult to get all of the verbose output. so here goes.
>>>
>>>I am using freebsd6.0beta2 on an amd64. I am using the src tree from
>>>august 21.
>>>
>>>I am trying to associate with a 2wire gateway that was supplied by sbc
>>>for my dsl. I have set the gateway up with wpa-psk encryption.
>>>I am able to connect perfectly fine to this gateway with my ibm t42 but
>>>when I try to associate with the gateway using wpa_supplicant I get a
>>>segmentation fault after the program reaches "wpa: sending eapol-key 4/4"
>>> specifically it faults right after displaying "wpa: rsc -
>>>hexdump(len=6): 00 00 00 00 00 00" while using option -d for output.
>>>
>>>when running the supplicant in gdb I get program received SIGSEGV,
>>>segmentation fault. 0x000000080082d4d0 in strlen () from /lib/libc.so.6
>>>
>>>if there is anything else needed that might help to explain the problem
>>>let me know. I apologize for not having more output to post at this
>>>time.
>>>thanks for the help
>>>Hanns
>>
>>
>>Thank you for posting this ... as it reminded me I should probably file
>>a bug report on this. I recently tried to do some investigative work of
>>my own hoping to find out why my if_ral interface kept acting up when I
>>bumped into the exact same problem myself.
>>
>>I can tell you why the segfault happens .. though I am not entirely sure
>>how it should be fixed properly.
>>
>>The problem you're experiencing is caused by the ether_ntoa(addr) call
>>in /usr/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c:280
>>
>>ether_ntoa expects a "const struct ether_addr" as its parameter where
>>in the code the parameter passed is a "const unsigned char*", furthermore
>>in that same printf statement seq_len and key_len are being
>>displayed using "%d" where this should be "%zu" since these are
>>size_t's. The size_t construct happens a few more times in the code if I
>>recall correctly.
>>
>>The actual crash you're experiencing though is caused by the faulty
>>ether_ntoa argument.
>>
>>If somebody more knowledgeable on this particular subject could have a
>>closer look at what was actually intended here that would be
>>appreciated.
>>
>
>A stack trace at the time of the segfault would be useful. The type
>mismatches should not be an issue unless there are alignment problems.
>Please try the attached change which should correct any alignment issues.
>
> Sam
>Index: driver_freebsd.c >=================================================================== >RCS file: /usr/ncvs/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c,v >retrieving revision 1.7 >diff -u -r1.7 driver_freebsd.c >--- driver_freebsd.c 13 Aug 2005 04:23:33 -0000 1.7 >+++ driver_freebsd.c 29 Aug 2005 17:24:14 -0000 >@@ -30,6 +30,7 @@ > > #include > #include >+#include > > #include > #include >@@ -231,8 +232,11 @@ > memset(&wk, 0, sizeof(wk)); > if (addr != NULL && > bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) != 0) { >+ struct ether_addr ea; >+ >+ memcpy(&ea, addr, IEEE80211_ADDR_LEN); > wpa_printf(MSG_DEBUG, "%s: addr=%s keyidx=%d", >- __func__, ether_ntoa(addr), key_idx); >+ __func__, ether_ntoa(&ea), key_idx); > memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN); > wk.idk_keyix = (uint8_t) IEEE80211_KEYIX_NONE; > } else { 
>@@ -250,6 +254,7 @@ > { > struct wpa_driver_bsd_data *drv = priv; > struct ieee80211req_key wk; >+ struct ether_addr ea; > char *alg_name; > u_int8_t cipher; > >@@ -275,18 +280,19 @@ > return -1; > } > >+ memcpy(&ea, addr, IEEE80211_ADDR_LEN); > wpa_printf(MSG_DEBUG, >- "%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%d key_len=%d", >- __func__, alg_name, ether_ntoa(addr), key_idx, set_tx, >+ "%s: alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%zu key_len=%zu", >+ __func__, alg_name, ether_ntoa(&ea), key_idx, set_tx, > seq_len, key_len); > > if (seq_len > sizeof(u_int64_t)) { >- wpa_printf(MSG_DEBUG, "%s: seq_len %d too big", >+ wpa_printf(MSG_DEBUG, "%s: seq_len %zu too big", > __func__, seq_len); > return -2; > } > if (key_len > sizeof(wk.ik_keydata)) { >- wpa_printf(MSG_DEBUG, "%s: key length %d too big", >+ wpa_printf(MSG_DEBUG, "%s: key length %zu too big", > __func__, key_len); > return -3; > }
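
Review bot: The `#include` added in the `@@ -30,6 +30,7 @@` hunk has no stated purpose; the cover note describes the change only as an alignment fix. If the new header is what brings the declaration of `ether_ntoa()` into scope, say so in the commit message: without a prototype the compiler assumes an `int` return, and on amd64 that truncates the returned pointer before `wpa_printf()` passes it to `%s`, which would fit the reported fault in `strlen()` better than an alignment problem.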
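
Review bot: In the `@@ -231,8 +232,11 @@` hunk, `memcpy(&ea, addr, IEEE80211_ADDR_LEN)` relies on `struct ether_addr` being exactly `IEEE80211_ADDR_LEN` bytes, and nothing in the patch enforces that. A compile-time assertion that `sizeof(struct ether_addr) == IEEE80211_ADDR_LEN` next to the copy would make the assumption explicit; the same copy is repeated in the `@@ -275,18 +280,19 @@` hunk, so a small helper that fills `ea` from `addr` would keep the two in step.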
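
Review bot: The `memcpy(&ea, addr, IEEE80211_ADDR_LEN)` added in the `@@ -275,18 +280,19 @@` hunk runs unconditionally, whereas the `@@ -231,8 +232,11 @@` hunk only reads `addr` inside `if (addr != NULL && ...)`. If callers of this function may pass a NULL `addr`, the copy dereferences it before any of the length checks that follow; either guard it the same way as the other function or add a comment stating that `addr` is never NULL on this path. Since `ea` is used only for the `wpa_printf(MSG_DEBUG, ...)` line, keeping the copy directly beside that call, as done here, is fine.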