hostapd crash (due to unaligned access)
Pavel Roskin
proski
Sun Mar 14 11:32:09 PST 2004
On Sun, 14 Mar 2004, M. Grabert wrote:
> I tracked down the problem in hostapd/receive.c, line 179/180 of current
> CVS of hostap.
>
> 179 elen = (u16 *) (buf + len - 1);
> 180 extra_len = le_to_host16(*elen);
>
> The last line is triggering the unaligned trap handler on Linux/PA-RISC.

This code should not be executed at all. Protocol version 3 is not used
in the driver. 802.11 uses protocol version 0. The hostap driver changes it
to 1 or 2 in hostap_ap_tx_cb(), file hostap_ap.c, to pass some information
to hostapd (whether the frame was ACKed).

Protocol 3 is something that the driver doesn't ever pass to hostapd.
The real problem is that you are getting such frames. See what happens
with fc in hostap_ap_tx_cb().

Try the old hostapd with the new driver and vice versa to see where the
bug was introduced.

You can set debug=3 and daemonize=0 in hostapd.conf and see frame dumps.
Look at the frames with the first byte having bits 0 and 1 set. You can
post one to the list.

As for that line, it should probably be changed to "elen = (u16 *) (buf +
len - 2);" but it shouldn't matter - this code should not be run at all!
--
Regards,
Pavel Roskin
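
Added example, not part of the original message and not hostapd's own code: a bounds-checked, alignment-safe way to read the trailing little-endian 16-bit length discussed above, gated on the protocol version in bits 0 and 1 of the first byte. The function names and the rule that the trailer plus the claimed extra data must fit in the frame are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Protocol version = bits 0 and 1 of the first frame-control byte. */
static int frame_proto_version(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 2)          /* need the 2-byte frame control */
        return -1;
    return buf[0] & 0x03;
}

/* Read a little-endian u16 from the last two bytes of buf. Building the
 * value from single bytes never dereferences a 16-bit pointer at an odd
 * address, and starting at len - 2 keeps both bytes inside the buffer. */
static int read_trailing_le16(const uint8_t *buf, size_t len, uint16_t *out)
{
    if (buf == NULL || out == NULL || len < 2)
        return -1;
    *out = (uint16_t)(buf[len - 2] | ((uint16_t)buf[len - 1] << 8));
    return 0;
}

/* Hypothetical handler: returns 0 and sets *extra_len only for a
 * version 3 frame whose claimed extra data fits (assumed layout). */
static int parse_extra_len(const uint8_t *buf, size_t len, uint16_t *extra_len)
{
    if (frame_proto_version(buf, len) != 3)
        return -1;                       /* versions 0, 1, 2: no trailer */
    if (read_trailing_le16(buf, len, extra_len) != 0)
        return -1;
    if ((size_t)*extra_len + 2 > len)    /* length field is untrusted */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: frame starts at raw + 1, so the trailer sits at
     * an odd offset from the array start, like buf + len - 1 above. */
    uint8_t raw[9] = {0, 0x0b, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0x04, 0x00};
    uint16_t extra_len = 0;

    if (parse_extra_len(raw + 1, 8, &extra_len) == 0)
        printf("version 3 frame, extra_len=%u\n", (unsigned)extra_len);
    return 0;
}
```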