wpa_supplicant segfault in large WLAN

Jouni Malinen j
Fri Sep 27 06:13:21 PDT 2013


On Thu, Sep 26, 2013 at 09:37:54PM -0400, Matt Causey wrote:
> I can't seem to do anything that will cause this segfault to happen
> w/valgrind.  :-(  What do you think about this:
> ==25997== ERROR SUMMARY: 155711 errors from 129 contexts (suppressed: 27
> from 6)
> 
> I've attached the full and compressed valgrind log, though it may end up
> being scrubbed by the server.

Thanks! This is a good example of where valgrind ends up hiding the
segfault when a program accesses freed memory. Such a bug is always a
critical issue, so it does not really matter whether the program crashes
or not (with or without valgrind).

I was able to reproduce this by replaying the scan results and the
configuration you were using. The issue is triggered by a removal of the
oldest BSS entry at a very inconvenient time, and yes, this was very much
related to the large number of BSSes in the scan results. For this to
show up, you would need to have at least 200 BSSes that match a network
configuration block in the scan results. And well, you did have 739 such
BSSes... ;-)

This commit fixes the issue:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=a3cbf82e6d2b494e4c5e87b4101af2f941482400

In addition, while reviewing the implementation, I found another
potential issue that could result in somewhat similar problems. Though,
I don't think this should happen with the nl80211 driver interface. Anyway,
the fix is here:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=25b65a142dec4770a79f7a17867f0db93111f843

Please let me know if these address the issues you were seeing.

-- 
Jouni Malinen                                            PGP id EFC895FA
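The class of bug described in the message above (a bounded BSS table evicting its oldest entry while some caller still holds a raw pointer to that entry) is easy to reproduce in miniature. The C below is an added illustration for this archive page, not wpa_supplicant's wpa_bss code and not the content of the linked commits: the table layout, the BSS_MAX cap (200 is taken from the threshold quoted in the mail), and every function name are hypothetical. It shows the eviction that turns a held pointer into a dangling one, and the safe pattern of holding the BSSID as a key and re-looking it up after any call that may evict.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on cached BSS entries; 200 matches the trigger
 * threshold mentioned in the mail, not any real wpa_supplicant constant. */
#define BSS_MAX 200

struct bss {
	struct bss *next;
	uint8_t bssid[6];
	int level;
};

/* Singly linked list, oldest at head, newest at tail. */
struct bss_table {
	struct bss *head;
	struct bss *tail;
	size_t count;
};

static void bss_table_init(struct bss_table *t) { memset(t, 0, sizeof(*t)); }

static void bss_table_free(struct bss_table *t)
{
	struct bss *b = t->head;
	while (b) { struct bss *n = b->next; free(b); b = n; }
	bss_table_init(t);
}

struct bss *bss_lookup(struct bss_table *t, const uint8_t *bssid)
{
	for (struct bss *b = t->head; b; b = b->next)
		if (memcmp(b->bssid, bssid, 6) == 0) return b;
	return NULL;
}

/* Insert or update a BSS. When the table is full the oldest entry is
 * freed; any pointer to it held elsewhere now dangles. That eviction is
 * the hazard the mail describes. */
struct bss *bss_add(struct bss_table *t, const uint8_t *bssid, int level)
{
	struct bss *b = bss_lookup(t, bssid);
	if (b) { b->level = level; return b; }
	if (t->count >= BSS_MAX) {
		struct bss *old = t->head;      /* oldest entry */
		t->head = old->next;
		if (!t->head) t->tail = NULL;
		free(old);
		t->count--;
	}
	b = calloc(1, sizeof(*b));
	if (!b) return NULL;
	memcpy(b->bssid, bssid, 6);
	b->level = level;
	if (t->tail) t->tail->next = b; else t->head = b;
	t->tail = b;
	t->count++;
	return b;
}

/* UNSAFE pattern (never called here): a raw pointer is kept across
 * bss_add(). If the held entry is the oldest one and the table is full,
 * the final read is a use-after-free; valgrind reports an invalid read
 * rather than the program necessarily crashing. */
int best_level_unsafe(struct bss_table *t, const uint8_t **scan,
		      const int *levels, size_t n, struct bss *held)
{
	for (size_t i = 0; i < n; i++) bss_add(t, scan[i], levels[i]);
	return held->level;
}

/* SAFE pattern: keep the key (BSSID), not the pointer, and re-validate
 * after any call that may evict. Returns -1 if the entry is gone. */
int best_level_safe(struct bss_table *t, const uint8_t **scan,
		    const int *levels, size_t n, const uint8_t *held_bssid)
{
	uint8_t key[6];
	memcpy(key, held_bssid, 6);     /* copy before mutating the table */
	for (size_t i = 0; i < n; i++) bss_add(t, scan[i], levels[i]);
	struct bss *b = bss_lookup(t, key);
	return b ? b->level : -1;
}

/* Constructed input: entry i has BSSID 00:00:00:00:hi:lo (i = hi<<8|lo)
 * and level i, so entry 0 is all zeros and is the oldest. */
static void fill_table(struct bss_table *t, size_t n)
{
	uint8_t id[6] = { 0 };
	for (size_t i = 0; i < n; i++) {
		id[4] = (uint8_t)(i >> 8); id[5] = (uint8_t)(i & 0xff);
		bss_add(t, id, (int)i);
	}
}

/* Hold the oldest entry's key across a scan that evicts it: expect -1. */
int scenario_evicted_handle(void)
{
	struct bss_table t; bss_table_init(&t); fill_table(&t, BSS_MAX);
	uint8_t oldest[6] = { 0, 0, 0, 0, 0, 0 };
	uint8_t newcomer[6] = { 0x02, 0x11, 0x22, 0x33, 0x44, 0x55 };
	const uint8_t *scan[1] = { newcomer }; int levels[1] = { -40 };
	int r = best_level_safe(&t, scan, levels, 1, oldest);
	int ok = t.count == BSS_MAX && !bss_lookup(&t, oldest) && bss_lookup(&t, newcomer);
	bss_table_free(&t);
	return ok ? r : -99;
}

/* Hold entry 1 (second oldest) across the same scan: it survives, level 1. */
int scenario_surviving_handle(void)
{
	struct bss_table t; bss_table_init(&t); fill_table(&t, BSS_MAX);
	uint8_t second[6] = { 0, 0, 0, 0, 0, 1 };
	uint8_t newcomer[6] = { 0x02, 0x11, 0x22, 0x33, 0x44, 0x55 };
	const uint8_t *scan[1] = { newcomer }; int levels[1] = { -40 };
	int r = best_level_safe(&t, scan, levels, 1, second);
	bss_table_free(&t);
	return r;
}

/* Table size after n distinct results; never exceeds BSS_MAX. */
size_t table_count_after(size_t n)
{
	struct bss_table t; bss_table_init(&t); fill_table(&t, n);
	size_t c = t.count; bss_table_free(&t);
	return c;
}
```

The same hazard exists with any "keep a pointer, then call something that may free it" sequence; the key-plus-relookup pattern in best_level_safe is one general remedy, and refcounting or a removal callback that clears outstanding references are others. Which of these the linked hostap commits use is not stated in the mail, so the example does not claim to mirror them.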



More information about the Hostap mailing list