Date:      Tue, 30 Aug 2005 10:13:29 -0700
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Hanns Hartman <rowinggoon@hotmail.com>
Cc:        sam@errno.com, freebsd-current@freebsd.org, caelian@gmail.com
Subject:   Re: wpa_supplicant segfaults with ath
Message-ID:  <20050830171329.GA22722@odin.ac.hmc.edu>
In-Reply-To: <BAY101-F4FC1BEF4673052F1C7F38CCAE0@phx.gbl>
References:  <43134562.7040009@errno.com> <BAY101-F4FC1BEF4673052F1C7F38CCAE0@phx.gbl>

On Tue, Aug 30, 2005 at 06:10:00AM -0700, Hanns Hartman wrote:
> That works perfectly, thanks.  No more errors.  I also wanted to know if
> there is an easy bit of script I can implement in order to have the
> wpa_supplicant load at boot up.

As per rc.conf(5), add WPA to your ifconfig_<ifn> entry in /etc/rc.conf.

-- Brooks

> >From: Sam Leffler <sam@errno.com>
> >To: Pascal Hofstee <caelian@gmail.com>
> >CC: freebsd-current@freebsd.org, Hanns Hartman <rowinggoon@hotmail.com>
> >Subject: Re: wpa_supplicant segfaults with ath
> >Date: Mon, 29 Aug 2005 10:26:58 -0700
> >
> >Pascal Hofstee wrote:
> >>On Sun, 2005-08-28 at 23:12 -0700, Hanns Hartman wrote:
> >>
> >>>Hi,
> >>>  This is my first time posting to the list so if you need more
> >>>information let me know. also since I have no internet on my freebsd box
> >>>it is difficult to get all of the verbose output. so here goes.
> >>>
> >>>I am using freebsd6.0beta2 on an amd64. I am using the src tree from
> >>>august 21.
> >>>
> >>>I am trying to associate with a 2wire gateway that was supplied by sbc
> >>>for my dsl.  I have set the gateway up with wpa-psk encryption.
> >>>I am able to connect perfectly fine to this gateway with my ibm t42 but
> >>>when I try to associate with the gateway using wpa_supplicant I get a
> >>>segmentation fault after the program reaches "wpa: sending eapol-key
> >>>4/4" specifically it faults right after displaying "wpa: rsc -
> >>>hexdump(len=6): 00 00 00 00 00 00" while using option -d for output.
> >>>
> >>>when running the supplicant in gdb I get program received SIGSEGV,
> >>>segmentation fault.  0x000000080082d4d0 in strlen () from /lib/libc.so.6
> >>>
> >>>if there is anything else needed that might help to explain the problem
> >>>let me know.  I apologize for not having more output to post at this
> >>>time.
> >>>thanks for the help
> >>>Hanns
> >>
> >>
> >>Thank you for posting this ... as it reminded me i should probably file
> >>a bug report on this. I recently tried to do some investigative work of
> >>my own hoping to find out why my if_ral interface kept acting up when i
> >>bumped into the exact same problem myself.
> >>
> >>i can tell you why the segfault happens .. though i am not entirely sure
> >>how it should be fixed properly.
> >>
> >>The problem you're experiencing is caused by the ether_ntoa(addr) call
> >>in /usr/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c:280
> >>
> >>ether_ntoa expects a "const struct ether_addr" as its parameter where
> >>in the code the parameter passed is a "const unsigned char*", furthermore
> >>in that same printf statement seq_len and key_len are being
> >>displayed using "%d" where this should be "%zu" since these are
> >>size_t's. The size_t construct happens a few more times in the code if i
> >>recall correctly.
> >>
> >>The actual crash you're experiencing though is caused by the faulty
> >>ether_ntoa argument.
> >>
> >>If somebody more knowledgeable on this particular subject could have a
> >>closer look at what was actually intended here that would be
> >>appreciated.
> >>
> >
> >A stack trace at the time of the segfault would be useful.  The type
> >mismatches should not be an issue unless there are alignment problems.
> >Please try the attached change which should correct any alignment issues.
> >
> >	Sam
>
>
> >Index: driver_freebsd.c
> >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >RCS file: /usr/ncvs/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c,v
> >retrieving revision 1.7
> >diff -u -r1.7 driver_freebsd.c
> >--- driver_freebsd.c	13 Aug 2005 04:23:33 -0000	1.7
> >+++ driver_freebsd.c	29 Aug 2005 17:24:14 -0000
> >@@ -30,6 +30,7 @@
> >
> > #include <sys/socket.h>
> > #include <net/if.h>
> >+#include <net/ethernet.h>
> >
> > #include <net80211/ieee80211.h>
> > #include <net80211/ieee80211_crypto.h>
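Review bot: the added #include <net/ethernet.h> is not explained, and it may be the change that matters most, since it puts the prototype for ether_ntoa() (const struct ether_addr * in, char * out) in scope for the calls touched in the later hunks. If those calls were previously compiled with an implicit int return type, the returned pointer would be truncated on amd64, which would fit the reported fault inside strlen(). Building the old revision with -Wimplicit-function-declaration would confirm it, and the commit message should say which part of the patch actually fixes the crash.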
> >@@ -231,8 +232,11 @@
> > 	memset(&wk, 0, sizeof(wk));
> > 	if (addr !=3D NULL &&
> > 	    bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) !=3D 0)=
=20
> > 	    {
> >+		struct ether_addr ea;
> >+
> >+		memcpy(&ea, addr, IEEE80211_ADDR_LEN);
> > 		wpa_printf(MSG_DEBUG, "%s: addr=3D%s keyidx=3D%d",
> >-			__func__, ether_ntoa(addr), key_idx);
> >+			__func__, ether_ntoa(&ea), key_idx);
> > 		memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
> > 		wk.idk_keyix =3D (uint8_t) IEEE80211_KEYIX_NONE;
> > 	} else {
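Review bot: in the added memcpy(&ea, addr, IEEE80211_ADDR_LEN) the length comes from the 802.11 constant rather than from the destination object. Both are six bytes, but sizeof(ea) would keep the copy bounded by the struct actually being written if either definition ever changes. Declaring ea inside the block that uses it is good; the later hunk declares it at function scope, and the two could be made consistent.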
> >@@ -250,6 +254,7 @@
> > {
> > 	struct wpa_driver_bsd_data *drv =3D priv;
> > 	struct ieee80211req_key wk;
> >+	struct ether_addr ea;
> > 	char *alg_name;
> > 	u_int8_t cipher;
> >
> >@@ -275,18 +280,19 @@
> > 		return -1;
> > 	}
> >
> >+	memcpy(&ea, addr, IEEE80211_ADDR_LEN);
> > 	wpa_printf(MSG_DEBUG,
> >-		"%s: alg=3D%s addr=3D%s key_idx=3D%d set_tx=3D%d seq_len=3D%d=20
> >key_len=3D%d",
> >-		__func__, alg_name, ether_ntoa(addr), key_idx, set_tx,
> >+		"%s: alg=3D%s addr=3D%s key_idx=3D%d set_tx=3D%d seq_len=3D%zu=20
> >key_len=3D%zu",
> >+		__func__, alg_name, ether_ntoa(&ea), key_idx, set_tx,
> > 		seq_len, key_len);
> >
> > 	if (seq_len > sizeof(u_int64_t)) {
> >-		wpa_printf(MSG_DEBUG, "%s: seq_len %d too big",
> >+		wpa_printf(MSG_DEBUG, "%s: seq_len %zu too big",
> > 			__func__, seq_len);
> > 		return -2;
> > 	}
> > 	if (key_len > sizeof(wk.ik_keydata)) {
> >-		wpa_printf(MSG_DEBUG, "%s: key length %d too big",
> >+		wpa_printf(MSG_DEBUG, "%s: key length %zu too big",
> > 			__func__, key_len);
> > 		return -3;
> > 	}
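Review bot: the memcpy(&ea, addr, IEEE80211_ADDR_LEN) added ahead of the wpa_printf() call reads through addr unconditionally, while the function in the earlier hunk tests addr != NULL before touching it. If this function can also be called with a NULL addr, guard the copy the same way or log a placeholder string; the old ether_ntoa(addr) call had the same exposure, so this is a good point to settle it. The %d to %zu changes for seq_len and key_len look right for size_t arguments.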
>
>
> >_______________________________________________
> >freebsd-current@freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-current
> >To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
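
An added example, not part of the thread or of the wpa_supplicant source: the pattern the quoted patch applies (copy the raw address bytes into a correctly typed object before formatting, and print size_t values with %zu), written as a stand-alone C function. struct mac_addr, mac_ntoa() and format_set_key() are hypothetical names standing in for struct ether_addr, ether_ntoa() and the driver's debug call, so the block builds on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for struct ether_addr so the example builds anywhere. */
struct mac_addr { uint8_t octet[6]; };

/* Stand-in for ether_ntoa(): typed argument, caller-supplied buffer. */
static void
mac_ntoa(const struct mac_addr *ea, char *buf, size_t len)
{
	snprintf(buf, len, "%02x:%02x:%02x:%02x:%02x:%02x",
	    ea->octet[0], ea->octet[1], ea->octet[2],
	    ea->octet[3], ea->octet[4], ea->octet[5]);
}

/* Build the set_key debug line; addr may be NULL or unaligned. */
int
format_set_key(char *out, size_t outlen, const char *alg_name,
    const unsigned char *addr, int key_idx, int set_tx,
    size_t seq_len, size_t key_len)
{
	struct mac_addr ea;
	char mac[18] = "(none)";	/* 17 characters plus NUL */

	if (addr != NULL) {
		/* Copy into a correctly typed object instead of casting. */
		memcpy(&ea, addr, sizeof(ea));
		mac_ntoa(&ea, mac, sizeof(mac));
	}
	/* size_t takes %zu; %d reads the wrong width where size_t is 64-bit. */
	return snprintf(out, outlen,
	    "alg=%s addr=%s key_idx=%d set_tx=%d seq_len=%zu key_len=%zu",
	    alg_name, mac, key_idx, set_tx, seq_len, key_len);
}

int
main(void)
{
	/* Constructed sample: a MAC at an odd offset inside a larger buffer. */
	const unsigned char frame[8] = {0xaa, 0, 0x11, 0x22, 0x33, 0x44, 0x55, 0xbb};
	char line[128];

	format_set_key(line, sizeof(line), "TKIP", frame + 1, 0, 1, 6, 32);
	puts(line);
	return 0;
}
```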
