package: fix segfault of iwinfo.scanlist("radio0").
authorJo-Philipp Wich <jow@openwrt.org>
Tue, 12 Aug 2014 11:14:11 +0000 (11:14 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Tue, 12 Aug 2014 11:14:11 +0000 (11:14 +0000)
This is a bug revealed in r41830.

First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like.  This will
happen in the following call stack.

 nl80211_get_scanlist("radio0", buf, len);
   nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
   nl80211_get_scanlist(nif, buf, len); // tail call
     nl80211_get_mode(nif);
        nl80211_phy2ifname(nif); // zero out nif

Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.

Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151


No differences found