* [PATCH] zd1211: Fix crashes with NULL mac addresses (monitor mode)
@ 2007-09-23 14:26 Michael Buesch
2007-09-23 15:27 ` Ulrich Kunitz
0 siblings, 1 reply; 4+ messages in thread
From: Michael Buesch @ 2007-09-23 14:26 UTC (permalink / raw)
To: Ulrich Kunitz, Daniel Drake; +Cc: John Linville, linux-wireless
This fixes NULL pointer dereferences.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
---
This patch is against zd1211rw-mac80211. I'll now clone
wireless-2.6 to get the upstream version. But I guess
this patch does also apply cleanly to zd1211, if the paths
are changed.
Index: wireless-dev/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c
===================================================================
--- wireless-dev.orig/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c 2007-09-19 17:15:58.000000000 +0200
+++ wireless-dev/drivers/net/wireless/zd1211rw-mac80211/zd_chip.c 2007-09-23 15:47:43.000000000 +0200
@@ -52,8 +52,15 @@ void zd_chip_clear(struct zd_chip *chip)
static int scnprint_mac_oui(struct zd_chip *chip, char *buffer, size_t size)
{
u8 *addr = zd_chip_to_mac(chip)->hwaddr;
+ u8 a = 0, b = 0, c = 0;
+
+ if (addr) {
+ a = addr[0];
+ b = addr[1];
+ c = addr[2];
+ }
return scnprintf(buffer, size, "%02x-%02x-%02x",
- addr[0], addr[1], addr[2]);
+ a, b, c);
}
/* Prints an identifier line, which will support debugging. */
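Review bot: In scnprint_mac_oui(), the NULL fallback formats the OUI as 00-00-00, which in an identifier line meant for debugging cannot be told apart from a device whose address really begins with three zero bytes. Consider printing a distinct marker for the no-address case, and add a short comment on the `if (addr)` check stating when hwaddr is expected to be NULL (the subject names monitor mode), so the check is not later removed as dead code.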
@@ -378,15 +385,16 @@ int zd_write_mac_addr(struct zd_chip *ch
[1] = { .addr = CR_MAC_ADDR_P2 },
};
- reqs[0].value = (mac_addr[3] << 24)
- | (mac_addr[2] << 16)
- | (mac_addr[1] << 8)
- | mac_addr[0];
- reqs[1].value = (mac_addr[5] << 8)
- | mac_addr[4];
-
- dev_dbg_f(zd_chip_dev(chip),
- "mac addr " MAC_FMT "\n", MAC_ARG(mac_addr));
+ if (mac_addr) {
+ reqs[0].value = (mac_addr[3] << 24)
+ | (mac_addr[2] << 16)
+ | (mac_addr[1] << 8)
+ | mac_addr[0];
+ reqs[1].value = (mac_addr[5] << 8)
+ | mac_addr[4];
+ dev_dbg_f(zd_chip_dev(chip),
+ "mac addr " MAC_FMT "\n", MAC_ARG(mac_addr));
+ }
mutex_lock(&chip->mutex);
r = zd_iowrite32a_locked(chip, reqs, ARRAY_SIZE(reqs));
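Review bot: In zd_write_mac_addr(), when mac_addr is NULL the two reqs[].value assignments are skipped but zd_iowrite32a_locked() still writes both requests, so the address registers receive whatever the initializer above left in .value (zero if those fields are only implicitly initialized). If clearing the registers is the intent, say so with a comment or an explicit else branch that sets both values to 0; if it is not, return before taking the mutex. The dev_dbg_f() call also moved inside the check, so the NULL case now leaves no debug trace; a separate message for that path would keep the log complete.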
* Re: [PATCH] zd1211: Fix crashes with NULL mac addresses (monitor mode)
2007-09-23 14:26 [PATCH] zd1211: Fix crashes with NULL mac addresses (monitor mode) Michael Buesch
@ 2007-09-23 15:27 ` Ulrich Kunitz
2007-09-23 16:35 ` Michael Buesch
0 siblings, 1 reply; 4+ messages in thread
From: Ulrich Kunitz @ 2007-09-23 15:27 UTC (permalink / raw)
To: Michael Buesch; +Cc: Daniel Drake, John Linville, linux-wireless
Michael Buesch wrote:
> This fixes NULL pointer dereferences.
>
> Signed-off-by: Michael Buesch <mb@bu3sch.de>
Michael, there is a patch in my development tree (branch
zd1211rw-dev), which fixes the MAC address handling. It ensures
that the mac address is not accessed over a NULL pointer. It also
ensures that a MAC address which is different from the address
from the device EEPROM can be set. Additionally it introduces an
open flag, which might be helpful to handle the channel setting
problem.
Your patch solves the issue of NULL pointer accesses, but not the
real cause of the problem.
Look at this gitweb output:
http://deine-taler.de/git-bin/gitweb.cgi?p=zd1211rw.git;a=shortlog;h=zd1211rw-dev
The patch is called "Fixed: MAC address handling".
The git URL is:
git://deine-taler.de/git/zd1211rw.git
Daniel is normally reviewing my patches and forwards them to
linux-wireless. This is our way to ensure quality control before
the patches hit John's tree.
--
Uli Kunitz
* Re: [PATCH] zd1211: Fix crashes with NULL mac addresses (monitor mode)
2007-09-23 15:27 ` Ulrich Kunitz
@ 2007-09-23 16:35 ` Michael Buesch
2007-09-24 9:12 ` Johannes Berg
0 siblings, 1 reply; 4+ messages in thread
From: Michael Buesch @ 2007-09-23 16:35 UTC (permalink / raw)
To: Ulrich Kunitz; +Cc: Daniel Drake, John Linville, linux-wireless
On Sunday 23 September 2007, Ulrich Kunitz wrote:
> Daniel is normally reviewing my patches and forwards them to
> linux-wireless. This is our way to ensure quality control before
> the patches hit John's tree.
Yeah, cool. So please get it upstream now. It can't get any worse
with it. The driver currently always crashes.
Also, what's needed to get monitor during operation running?
I guess it's only about removing the artificial restriction
for this in the add_interface callback. Is there something else?
* Re: [PATCH] zd1211: Fix crashes with NULL mac addresses (monitor mode)
2007-09-23 16:35 ` Michael Buesch
@ 2007-09-24 9:12 ` Johannes Berg
0 siblings, 0 replies; 4+ messages in thread
From: Johannes Berg @ 2007-09-24 9:12 UTC (permalink / raw)
To: Michael Buesch; +Cc: Ulrich Kunitz, Daniel Drake, John Linville, linux-wireless
On Sun, 2007-09-23 at 18:35 +0200, Michael Buesch wrote:
> Also, what's needed to get monitor during operation running?
> I guess it's only about removing the artificial restriction
> for this in the add_interface callback. Is there something else?
Michael, just ignore all this, the filter flags patch is on the way into
the tree and it gets rid of all that. No need to now try to fix it.
johannes