This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
/* Wrapper for scan list */
static int iwinfo_L_scanlist(lua_State *L, int (*func)(const char *, char *, int *))
{
/* Wrapper for scan list */
static int iwinfo_L_scanlist(lua_State *L, int (*func)(const char *, char *, int *))
{
char rv[IWINFO_BUFSIZE];
char macstr[18];
const char *ifname = luaL_checkstring(L, 1);
char rv[IWINFO_BUFSIZE];
char macstr[18];
const char *ifname = luaL_checkstring(L, 1);
int ifidx = -1, phyidx = -1;
struct nl80211_msg_conveyor *cv;
int ifidx = -1, phyidx = -1;
struct nl80211_msg_conveyor *cv;
+ if (ifname == NULL)
+ return NULL;
+
if (nl80211_init() < 0)
return NULL;
if (nl80211_init() < 0)
return NULL;
else
ifidx = if_nametoindex(ifname);
else
ifidx = if_nametoindex(ifname);
- if ((ifidx < 0) && (phyidx < 0))
+ /* Valid ifidx must be greater than 0 */
+ if ((ifidx <= 0) && (phyidx < 0))
return NULL;
cv = nl80211_new(nls->nl80211, cmd, flags);
return NULL;
cv = nl80211_new(nls->nl80211, cmd, flags);
DIR *d;
struct dirent *e;
DIR *d;
struct dirent *e;
+ /* Only accept phy name of the form phy%d or radio%d */
if (!ifname)
return NULL;
else if (!strncmp(ifname, "phy", 3))
phyidx = atoi(&ifname[3]);
else if (!strncmp(ifname, "radio", 5))
phyidx = atoi(&ifname[5]);
if (!ifname)
return NULL;
else if (!strncmp(ifname, "phy", 3))
phyidx = atoi(&ifname[3]);
else if (!strncmp(ifname, "radio", 5))
phyidx = atoi(&ifname[5]);
memset(nif, 0, sizeof(nif));
memset(nif, 0, sizeof(nif));
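Review bot: The new comment in nl80211_phy2ifname() says only names of the form phy%d or radio%d are accepted, but the visible checks are a prefix `strncmp()` followed by `atoi()`, so a name such as "phy" or "radiofoo" is still taken as index 0 and any text after the digits is ignored. The interface name appears to come from script callers (the scanlist wrapper reads it with `luaL_checkstring(L, 1)`), so strict parsing would make the comment true, for example `char *end; long v = strtol(ifname + 3, &end, 10);` followed by `if (end == ifname + 3 || *end != '\0' || v < 0 || v > INT_MAX) return NULL;`. The `radio` branch needs the same check with offset 5. The function body continues outside the visible lines, so whether a name matching neither prefix returns before `memset(nif, 0, sizeof(nif))` cannot be confirmed from here.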