hostapd crash (due to unaligned access)

Jouni Malinen jkmaline
Mon Mar 15 07:13:50 PST 2004

On Sun, Mar 14, 2004 at 02:32:09PM -0500, Pavel Roskin wrote:

> Protocol 3 is something that the driver doesn't ever pass to hostapd.
> The real problem is that you are getting such frames.  See what happens
> with fc in hostap_ap_tx_cb().
> Try the old hostapd with the new driver and vice versa to see where the
> bug was introduced.
> You can set debug=3 and daemonize=0 in hostapd.conf and see frames dumps.
> Look at the frames with the first byte having bits 0 and 1 set.  You can
> post one to the list.

Yes, it would be interesting to find out why this was happening, so a full
debug dump of that frame would indeed be interesting.

> As for that line, it should probably be changed to "elen = (u16 *) (buf +
> len - 2);" but it shouldn't matter - this code should not be run at all!

Oops.. It should be quite obvious by now that this code has never
really been tested (since it is not used) ;-). I fixed the offset and in
addition, I fixed the potentially unaligned read of that length. hostapd
is not supposed to cause unaligned accesses, so this kind of code is
considered a bug. There may be a couple of those lurking around somewhere,
but I will fix them whenever they are reported. I'm mostly using x86, so
I do not notice these that easily.

Jouni Malinen                                            PGP id EFC895FA
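Added example, not code from the hostap project or from this thread: it contrasts the `(u16 *)(buf + len - 2)` cast discussed above with a byte-wise read that is safe at any alignment and also rejects buffers too short to hold the field. The little-endian byte order, the function names and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample frame: 7 payload bytes followed by a little-endian
 * 16-bit length field 0x0102 (= 258). The total length (9) is odd, so
 * buf + len - 2 is an odd address whenever buf itself is even-aligned. */
_Alignas(4) static const uint8_t sample_frame[9] = {
    0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x11, 0x02, 0x01
};

/* The pattern from the thread: cast the tail of the buffer to a 16-bit
 * pointer and dereference it. Works on x86, but faults on architectures
 * that trap on unaligned loads when buf + len - 2 is odd. Shown only for
 * contrast; it is never called here. */
static uint16_t read_trailing_len_cast(const uint8_t *buf, size_t len)
{
    return *(const uint16_t *)(buf + len - 2);
}

/* Alignment-safe replacement (hypothetical name): assemble the field from
 * individual bytes, which is valid at any address on any architecture.
 * Returns 0 on success, -1 if the buffer cannot contain the field. */
static int read_trailing_len(const uint8_t *buf, size_t len, uint16_t *elen)
{
    if (buf == NULL || len < 2)
        return -1;
    *elen = (uint16_t)(buf[len - 2] | ((uint16_t)buf[len - 1] << 8));
    return 0;
}

/* Returns 1 if the cast version would perform a misaligned 16-bit load
 * for this buffer, 0 otherwise. Useful as an assertion in debug builds. */
static int trailing_field_misaligned(const uint8_t *buf, size_t len)
{
    return ((uintptr_t)(buf + len - 2) % 2) != 0;
}

int main(void)
{
    uint16_t elen = 0;
    if (read_trailing_len(sample_frame, sizeof(sample_frame), &elen) != 0)
        return 1;
    printf("elen=%u misaligned=%d\n", elen,
           trailing_field_misaligned(sample_frame, sizeof(sample_frame)));
    (void)read_trailing_len_cast;
    return 0;
}
```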
