Suspected bad cade in prism2_ioctl_giwencodeext()

Jean Tourrilhes jt
Wed May 3 11:33:32 PDT 2006

	Hi Jouni,

	I suspect the following bit of code does not work.

static int prism2_ioctl_giwencodeext(struct net_device *dev,
				     struct iw_request_info *info,
				     struct iw_point *erq, char *extra)
	struct iw_encode_ext *ext = (struct iw_encode_ext *) extra;
	addr = ext->addr.sa_data;
	if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
	    addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {

	For the GET requests, only the 'struct iw_point' part of the
request is passed from user-space to kernel, on the other hand 'extra'
is never passed from user-space to kernel. So, in the code above, you
have garbage in extra at the start of the function, and therefore
garbage in 'addr'.
	Moreover, I don't know how it is supposed to work in user
space. If I want to list all the keys, I must do an exhaustive search
in all the possible MAC addresses ? Because I don't see a way for
userspace to 'guess' which MAC addresses are used or not.

	The reason why this all came up is that I've finally
implemented SIOCGIWENCODEEXT in the wireless tools (29-pre10, iwlist
wpakeys). While testing agains various drivers, I realised that I was
not getting any useful results.
	I checked in wpa_supplicant, and it does not seem to implement
those functions.
	I believe we have an API definition issue. There could be
various way to deal with that, but, as you designed the API, I want to
get your feedback first.

	Have fun...


More information about the Hostap mailing list